Reminders to check back

Published: 2008-11-18
Last Updated: 2008-11-18 18:03:12 UTC
by Joel Esler (Version: 1)
0 comment(s)

Alot of people, especially those that follow the RSS feed will get an alert when we post a new article.  However, I feel the need to remind you that we go back and update articles as well.  For instance, I just updated the "Plaintext recovery against OpenSSH" article.

So if you are raising the red flag at your office about SSH, you need to keep checking back against the article you are interested in for updates.

It's all about Impact right?  One vulnerability may impact your organization more crucially than the company next to you.  It all depends on the threat assessment of your network.  For instance, MS08-067 might have impacted you greatly, if you had Windows systems.  But what about those networks that do not have Windows systems?

(Yes, all that is open for interpretation, but..)

My point in all that is, keep checking back against the articles that are important to you.  We update them all the time.

-- Joel Esler

0 comment(s)

Plaintext Recovery Attack Against OpenSSH

Published: 2008-11-18
Last Updated: 2008-11-18 17:56:30 UTC
by Joel Esler (Version: 4)
2 comment(s)

This morning we've received a couple emails and a post in our IRC channel (#dshield on concerning a Plaintext Recovery Attack against OpenSSH.  Specifically version 4.7p1, which is quite old.


From the article:

"If exploited, this attack can potentially allow an attacker to
recover up to 32 bits of plaintext from an arbitrary block of
ciphertext from a connection secured using the SSH protocol in
the standard configuration. If OpenSSH is used in the standard
configuration, then the attacker's success probability for
recovering 32 bits of plaintext is 2^{-18}. A variant of the
attack against OpenSSH in the standard configuration recovers 14
bits of plaintext with probability 2^{-14}. The success probability
of the attack for other implementations of SSH is not known."

Here's a link to the article itself:  here.  So that you may read at your leisure.

Here's a link to OpenSSH's Security Page: here.

The current version of OpenSSH is 5.1, and it's been out since July.  So make sure you are patched by running "ssh -V" on the command line.

I just did it on my OSX Machine and I am running 5.1p1. 

UPDATE:  Received an email from a reader, (thanks Jack!), Ubuntu 8.04, updated as of this morning is still running OpenSSH 4.7p1.

UPDATE 2:  A workaround apparently, from information I have just read (at least for SSH Tectia Products) is to stop using CBC mode block cyphers.  At least in the SSH Tectia products, you can use the CryptiCore or Arcfour encryption algorithm.

UPDATE 3:  The likelyhood of successful attack is LOW according to the link I posted to the article above, the vulnerability requires "retransmission of plaintext on reconnect to be successful".  I'm not saying that 5.1 is not vulnerable.  I am saying that 5.1 is the current version, just so there is no misconception.  CPNI says: "We expect any RFC-compliant SSH implementation to be vulnerable to some form of the attack."

We're not telling you to stop using SSH, by no means.  We expect updates to be posted that switch encryption algorithms.

We won't be raising the Infocon anytime soon unless we start seeing patterns of attack, or an exploit comes out that makes it very simple to exploit this vulnerability.  As you know, our Infocon doesn't get raised on every little thing.  We discuss it internally heavily before we move it in any direction.


-- Joel Esler


2 comment(s)


Diary Archives