Bugtraq mailing list archives

Re: SSH 1 Why?

From: rafael () RJW WAW PL (R. J. Wysocki)
Date: Sat, 18 Dec 1999 18:10:01 +0100


On Wed, 15 Dec 1999, Emiliano Kargieman wrote:

"Daniel P. Zepeda" wrote:

Well, there is a problem in the way SSH protocol version 1.x (implemented in
versions 1.x of the SSH software packages) handles integrity checking of the
encrypted channel, that could allow an attacker to insert arbitrary commands
to be executed on the server. This problem is inherent to the protocol and
although there are ways to detect this attack, an upgrade of the protocol is
recommended. See
199806120125.WAA05406 () takeover core com 
ar">http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-06-08&msg=199806120125.WAA05406 () takeover 
core com ar</A>


They claim that the 1.2.25 version of ssh fixes the problem.  Not true?
Is ssh-1.2.27 vulnerable?

        Greets

                Rafael

Current thread:

sshd1 allows unencrypted sessions regardless of server policy, (continued)
- - sshd1 allows unencrypted sessions regardless of server policy Markus Friedl (Dec 14)
    - Re: sshd1 allows unencrypted sessions regardless of server policy Michael H. Warfield (Dec 14)
    - Re: sshd1 allows unencrypted sessions regardless of server policy Pavel Machek (Dec 14)
    - Re: sshd1 allows unencrypted sessions regardless of server policy Joseph Moran (Dec 14)
    - Re: sshd1 allows unencrypted sessions regardless of server policy David Schwartz (Dec 15)
    - SSH-1.2.27 & RSAREF2 exploit Iván Arce (Dec 14)
    - SSH 1 Why? Daniel P. Zepeda (Dec 14)
    - Re: SSH 1 Why? Emiliano Kargieman (Dec 15)
    - Re: SSH 1 Why? Emiel Kollof (Dec 15)
    - Re: SSH 1 Why? Iván Arce (Dec 16)
    - Re: SSH 1 Why? R. J. Wysocki (Dec 18)
    - Groupewise Web Interface Sacha Faust Bourque (Dec 19)
    - Re: Groupewise Web Interface Raymond Dijkxhoorn (Dec 20)
    - Re: Groupewise Web Interface Bayard G. Bell (Dec 21)
    - Announcement: Solaris loadable kernel module backdoor plasmoid (Dec 20)
    - Re: Announcement: Solaris loadable kernel module backdoor pedward () WEBCOM COM (Dec 21)
    - Re: Announcement: Solaris loadable kernel module backdoor Marc Esipovich (Dec 22)
    - Re: Announcement: Solaris loadable kernel module backdoor Steven Alexander (Dec 23)
    - Re: Announcement: Solaris loadable kernel module backdoor Rainer Link (Dec 22)
    - Re: Announcement: Solaris loadable kernel module backdoor Keith Owens (Dec 22)
    - Re: Groupewise Web Interface satherrl () MAILPOINT DSSRG CURTIN EDU AU (Dec 21)

(Thread continues...)