Bugtraq mailing list archives

UPDATE: SSH insertion attack

From: iarce () core-sdi com (Ivan Arce)
Date: Fri, 3 Jul 1998 20:09:35 -0300


-----BEGIN PGP SIGNED MESSAGE-----


- -------------------------------------------------------------------------------


                              CORE SDI S.A.
                          Buenos Aires, Argentina
                         <http://www.core-sdi.com>


                       Update on SSH insertion attack
                            July 3rd, 1998


- -------------------------------------------------------------------------------

A new patch for the detection  of the SSH insertion attack published by
CORE on June 11th. is now available at:

<http://www.core-sdi.com/ssh>

The new patch fixes two problems originally mentioned in
comp.security.ssh by David Jones <jonesd () kcgl1 eng ohio-state edu>
that were found to have certain implications on the reliability of the
attack detection.

It is strongly recommended to apply the new patch.

MD5 hashes for the available files are provided
below:

 MD5 (ssh-1.2.25-core.tar.gz)   = 9cc2adf10e8c2563db1d70a24ac4b2cd
 MD5 (ssh-1.2.23-core-b.tar.gz) = 328583fc8356b96a4b3c629260685965
 MD5 (ssh-1.2.23-core-b.tar.Z)  = f8210154b07116cd70ffe77bffbc9463
 MD5 (ssh-1.2.25.tar.Z)         = 3c171a91d6eab639f6ea06e62be53b85
 MD5 (ssh-1.2.23b.patch)        = 882c36fd589a863927a8ef48d456dfef
 MD5 (ssh-1.2.25.patch)         = 57b2d84116642fd3135dc641045445df

 Patches apply to the original SSH distributions 1.2.23 and 1.2.25

 Additionally, a more technical description of the attack is
 provided at the same URL.

$Id: ssh-addenum.txt,v 1.1 1998/07/03 20:22:32 iarce Exp $
- --
==============================[ CORE Seguridad de la Informacion S.A. ]=======
Ivan Arce
Gerencia de Tecnologia                          Email     : ivan () core-sdi com
Av. Santa Fe 2861 5to C                         TE        : +54-1-821-1030
CP 1425                                         FAX       : +54-1-821-1030
Buenos Aires, Argentina                         Mensajeria: +54-1-317-4157
==============================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBNZ1RxfnO/LnPTgz1AQGYUgP/dqd+1cC9aLLuAgbOcYn2QaRFtuZKKiHL
58yjJPW5uYWfQB9qh5zEXEXTPc76/cNqQgY303JqWkrkIjOQ8ZG3lLqlPpBCHKRF
NIVKY5mMZBOZ6O8G1Cp4lzlaWycq2+03yKElO3wnHnJkic3+w98AF223kNLjvkmX
JAeEaYIUUzw=
=WvWJ
-----END PGP SIGNATURE-----

Current thread:

WWW Authorization Gateway, (continued)
- - - WWW Authorization Gateway Albert Nubdy (Jul 08)
- Re: Sun libnsl lameness Allanah Myles (Jul 06)
  - Re: Sun libnsl lameness mib () DEAKIN EDU AU (Jul 08)
    - Re: Sun libnsl lameness Scott Stubbs (Jul 09)
    - Sun libnsl patches Mike Sorsen (Jul 09)
  - Re: Sun libnsl lameness Matt Conover (Jul 08)
  - DoS: ANS Interlock Firewall Chris A. Henesy (Jul 09)
  - Administrivia Aleph One (Jul 09)
- Re: Sun libnsl lameness Andy Polyakov (Jul 03)
  - Re: Sun libnsl lameness Matt Conover (Jul 03)
  - UPDATE: SSH insertion attack Ivan Arce (Jul 03)
  - [rootshell] Security Bulletin #20 Aleph One (Jul 06)
- Re: Sun libnsl lameness Edward Lewis EDU SE Nashville (Jul 09)
- Re: Sun libnsl lameness Edward Lewis EDU SE Nashville (Jul 10)