Bugtraq mailing list archives
Re: sshd1 allows unencrypted sessions regardless of server policy
From: jmoran () IPASS NET (Joseph Moran)
Date: Wed, 15 Dec 1999 01:06:24 -0500
On Tue, 14 Dec 1999, Pavel Machek wrote:
Because passphrase-less hostkeys are 'encrypted' with cipher "none" the code for this cipher is always compiled into the programs. This way the client is free to choose "none" and no server will complain.

And what? A malicious ssh client can make a non-encrypted connection. But a malicious ssh client can also send a carbon-copy of all communication to www.cia.org:5000! There's no way to protect from malicious ssh clients...

Of course, but that's no excuse for a lapse in good programming. If the server tells the client "here, pick from this list", it's common sense that the server would check the client's response to see if it's valid.

That aside, this hole could be useful in a situation where Party A wants to help Party B compromise a system without leaving a paper trail. Party A trojans an ssh client binary, Innocent Bystander C does an ssh connection somewhere, and Party B sniffs the cleartext traffic. No evidence to point to Party B. If instead Party A trojaned the binary to send Party B a carbon-copy, and a white hat could extract this, then Party B is implicated.

jm
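
The server-side check the message above asks for, as an added example that is not part of the original post and is not sshd's own code: the server validates the `cipher_type` byte of the client's SSH-1 session-key message against the mask it advertised. The function names, the policy array and the sample bytes are hypothetical and constructed for illustration; the cipher and message numbers are the SSH-1 protocol values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SSH-1 cipher numbers carried in the cipher_type field. */
enum { SSH_CIPHER_NONE = 0, SSH_CIPHER_IDEA = 1, SSH_CIPHER_DES = 2,
       SSH_CIPHER_3DES = 3, SSH_CIPHER_RC4 = 5, SSH_CIPHER_BLOWFISH = 6 };
#define SSH_CMSG_SESSION_KEY 3   /* SSH-1 message type sent by the client */

/* Hypothetical helper: turn the server's policy list into the bit mask
 * it advertises to the client (bit n set = cipher n is offered). */
uint32_t advertised_mask(const int *allowed, size_t n)
{
    uint32_t mask = 0;
    for (size_t i = 0; i < n; i++)
        if (allowed[i] >= 0 && allowed[i] < 32)
            mask |= (uint32_t)1 << allowed[i];
    return mask;
}

/* Hypothetical check: msg is the message type byte followed by the payload,
 * whose first byte is cipher_type. Returns the cipher number when it was
 * offered, or -1 when the server should disconnect. */
int check_client_cipher(const uint8_t *msg, size_t len, uint32_t mask)
{
    if (len < 2 || msg[0] != SSH_CMSG_SESSION_KEY)
        return -1;                       /* truncated or wrong message */
    uint8_t choice = msg[1];
    if (choice >= 32)                    /* would shift past the mask width */
        return -1;
    if (!(mask & ((uint32_t)1 << choice)))
        return -1;                       /* never offered, e.g. "none" */
    return choice;
}

int main(void)
{
    const int policy[] = { SSH_CIPHER_3DES, SSH_CIPHER_BLOWFISH };
    uint32_t mask = advertised_mask(policy, 2);
    /* Constructed sample messages: only the first two bytes matter here. */
    const uint8_t pick_3des[] = { SSH_CMSG_SESSION_KEY, SSH_CIPHER_3DES };
    const uint8_t pick_none[] = { SSH_CMSG_SESSION_KEY, SSH_CIPHER_NONE };
    printf("3des: %d\n", check_client_cipher(pick_3des, sizeof pick_3des, mask));
    printf("none: %d\n", check_client_cipher(pick_none, sizeof pick_none, mask));
    return 0;
}
```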