Slashdot Mirror


New SSH Vulnerabilities Discovered

possible writes "Rapid7 has discovered a new class of vulnerabilities affecting SSH2 implementations from many vendors. These vulnerabilities affect a wide variety of SSH servers and SSH clients. Rapid7 designed an SSH protocol test suite called SSHredder. The SSHredder test suite contains a large number of SSH2 protocol binary test cases, and is released under the BSD license. Rapid7's testing has revealed many defects in products such as F-Secure, SSH.com, PuTTY, etc. OpenSSH and GNU LSH are not affected." Some of the affected vendors have released fixed versions, and some say there's nothing exploitable about the reported holes.

3 of 33 comments

  1. OpenSSH v3.5 and earlier not vulnerable by ubiquitin · · Score: 5, Informative

    Looks like the commercial version(s) of ssh and Windows ports of the ssh client were most vulnerable. ssh.com people have denied it is a problem, whereas PuTTY developers already have a fix available. This announcement was done very professionally, with details for each vendor that they were notified and what their response was. This is the first I've heard of Rapid7, and I'm impressed at their thorough approach in announcing this vulnerability.

    --
    http://tinyurl.com/4ny52
  2. Why does SSH exist at all? by phr2 · · Score: 3, Informative
    I've never understood that. Even if every one of those protocol bugs is fixed, it's still vulnerable to man-in-the-middle attacks because who the heck bothers to look at those server md5 checksums when connecting a new client?

    There was already a perfectly good socket encryption protocol before SSH came along, namely SSL, which has had a reasonably functional PKI (though not as great as the vendors pretend) for years, and it's perfectly reasonable to run telnet through it. SSL-secured telnet is called "telnets", similar to https, smtps, and so forth. Https is built into just about every web browser these days. But almost nobody uses telnets.

    SSH just seems to me like a case of the bad driving out the good. There was never any need for it. We should have just used telnets instead.
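The comment above turns on whether anyone checks the server key checksum on first connect. As an added example (not part of the original thread), this is one way to script that check: it derives the MD5 and SHA256 fingerprints from a server's public key line and compares them with a fingerprint obtained out of band. The function names and the sample key are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def read_string(buf, off):
    """Read one SSH wire 'string' (uint32 length + bytes), rejecting bad lengths."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if n > len(buf) - off:
        raise ValueError("length field exceeds remaining data")
    return buf[off:off + n], off + n

def fingerprints(pubkey_line):
    """Return (md5_colon_hex, 'SHA256:<base64>') for '<type> <base64> [comment]'."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    algo, _ = read_string(blob, 0)
    if algo.decode("ascii", "replace") != fields[0]:
        raise ValueError("key type does not match key blob")
    digest = hashlib.md5(blob).hexdigest()
    md5 = ":".join(digest[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def host_key_matches(pubkey_line, pinned):
    """True if the offered key has the fingerprint published out of band."""
    md5, sha = fingerprints(pubkey_line)
    pinned = pinned.strip()
    as_md5 = pinned[4:] if pinned[:4].upper() == "MD5:" else pinned
    # Constant-time comparison on bytes; hex is case-insensitive, base64 is not.
    return (hmac.compare_digest(as_md5.lower().encode(), md5.encode())
            or hmac.compare_digest(pinned.encode(), sha.encode()))

def sample_key_line(seed):
    """Constructed sample key line (not a real host key)."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    blob = s(b"ssh-ed25519") + s(bytes([seed]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    offered = sample_key_line(1)
    published_md5, published_sha = fingerprints(offered)
    print(published_md5, published_sha)
    print("same key:", host_key_matches(offered, published_sha))
    print("different key:", host_key_matches(sample_key_line(2), published_sha))
```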

    1. Re:Why does SSH exist at all? by sgifford · · Score: 3, Informative

      ssh is a replacement for the rsh/rlogin/rcp tools, not for telnet. You can do things like:

      ssh some.host 'cd /home/gifford; tar cf - .' | tar xf -

      and

      for i in host1 host2 host3 host4 ...
      do
        # run the command on each remote host in turn
        ssh "$i" killall -HUP inetd
      done

      which are very hard to do with telnet.