SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   OpenSSH Vendors:   OpenSSH.org
(OpenSSH Vendor Fix) Re: Weaknesses in SSH Protocols Can Facilitate Attacks Through Passive Monitoring of Protocol Traffic
SecurityTracker Alert ID:  1001165
SecurityTracker URL:  http://securitytracker.com/id/1001165
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 27 2001
Impact:   Disclosure of authentication information, Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   It was reported last week that several weaknesses exist in various implementations of SSH (Secure Shell) protocols. When exploited, these vulnerabilities let an attacker obtain sensitive information by passively monitoring encrypted SSH sessions that can later be used to facilitate attacks. This could include speeding up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive SSH sessions.

OpenSSH.org released OpenSSH 2.5.2 to provide improved countermeasure against "Passive Analysis of SSH (Secure Shell) Traffic," as well as other improvements.

Impact:   An attacker that is monitoring SSH traffic could obtain sensitive information that can later be used to facilitate attacks. This could include speeding up brute-force attacks on passwords, including the initial login password and other passwords appearing in interactive SSH sessions, such as those used with su(1) and Cisco IOS "enable" passwords.
Solution:   OpenSSH.org released OpenSSH 2.5.2 to provide improved countermeasure against "Passive Analysis of SSH (Secure Shell) Traffic," as well as other improvements. See vendor site (http://openssh.org/)
Vendor URL:  www.openssh.org (Links to External Site)
Cause:   Authentication error, Randomization error
Underlying OS:  Linux (Any), Apple (Legacy "classic" Mac), UNIX (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 27 2001 Weaknesses in SSH Protocols Can Facilitate Attacks Through Passive Monitoring of Protocol Traffic



 Source Message Contents

Subject:  OpenSSH-2.5.2 (fwd)


---------- Forwarded message ----------
Date: Thu, 22 Mar 2001 11:49:03 +0100
From: Markus Friedl <Markus.Friedl@informatik.uni-erlangen.de>
To: announce@openbsd.org
Subject: OpenSSH-2.5.2

OpenSSH 2.5.2 is now available from the mirror sites
listed at http://www.openssh.com/

Security related changes:
	Improved countermeasure against "Passive Analysis of SSH
	(Secure Shell) Traffic"
	http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt

	The countermeasures introduced in earlier OpenSSH-2.5.x versions
	caused interoperability problems with some other implementations.

	Improved countermeasure against "SSH protocol 1.5 session
	key recovery vulnerability"
	http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm

New options:
	permitopen authorized_keys option to restrict portforwarding.

	PreferredAuthentications allows client to specify the order in which
	authentication methods are tried.

Sftp:
	sftp client supports globbing (get *, put *).

	Support for sftp protocol v3 (draft-ietf-secsh-filexfer-01.txt).

	Batch file (-b) support for automated transfers

Performance:
	Speedup DH exchange. OpenSSH should now be significantly faster when
	connecting use SSH protocol 2.

	Preferred SSH protocol 2 cipher is AES with hmac-md5. AES offers
	much faster throughput in a well scrutinised cipher.

Bugfixes:
	stderr handling fixes in SSH protocol 2.

	Improved interoperability.

Client:
	The client no longer asks for the the passphrase if the key
	will not be accepted by the server (SSH2_MSG_USERAUTH_PK_OK)

Miscellaneous:
	scp should now work for files > 2GB

	ssh-keygen can now generate fingerprints in the "bubble babble"
	format for exchanging fingerprints with SSH.COM's SSH protocol 2
	implementation.

Preliminary patches for OpenBSD-2.6 are available on request.

-m


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC