Slashdot Mirror


Flaw Made Public In OpenSSH Encryption

alimo20 writes "Researchers at the Royal Holloway, University of London have discovered a flaw in Version 4.7 of OpenSSH on Debian/GNU Linux. According to ISG lead professor Kenny Patterson, an attacker has a 2^{-18} (that is, one in 262,144) chance of success. Patterson says that this is more significant than past discoveries because 'This is a design flaw in OpenSSH. The other vulnerabilities have been more about coding errors.' The vulnerability is possible by a man-in-the-middle intercepting blocks of encrypted material as it passes. The attacker then re-transmits the data back to the server and counts the number of bytes before the server throws error messages and disconnects the attacker. Using this information, the attacker can work backwards to figure out the first 4 bytes of data before encryption. 'The attack relies on flaws in the RFC (Request for Comments) internet standards that define SSH, said Patterson. ... Patterson said that he did not believe this flaw had been exploited in the wild, and that to deduce a message of appreciable length could take days.'"

9 of 231 comments

  1. Old version = old news by Anonymous Coward · · Score: 5, Informative

    OpenSSH 5.2 was released in February already which has builtin countermeasures against this form of "attack." Next.

    1. Re:Old version = old news by FunPika · · Score: 5, Informative

      I think it is all below 5.2 according to http://openssh.com/security.html.

      --
      After years of not using a signature, I am going to make one to say the following: Fuck Beta
  2. Good Thing by neoform · · Score: 5, Funny

    Whew. Glad I use Telnet.

    --
    MABASPLOOM!
    1. Re:Good Thing by timeOday · · Score: 5, Funny

      But telnet transmits your credentials unencrypted! To be super-secure I simply avoid transmitting them in the first place...

      root@host# nc -l -p 1999 -c bash

      user@otherhost: nc otherhost 1999
      whoami
      rm -fR /

      (PS don't actually do this)

  3. Design flaw by aaronfaby · · Score: 5, Interesting

    If the flaw is in the design of SSH, wouldn't all OS's be affected? Why does this only affect Debian?

  4. Why so much press on this? by spinkham · · Score: 5, Informative

    This flaw was published in Nov 2008 with a simple configuration fix, and OpenSSH released a default fixed version in March 2009.
    Also, this attack gives only 4 bytes of unencrypted output after crashing your session many thousands of times, which is sure to be noticed. If you were repeating the exact same network traffic in millions of SSH sessions, an attacker might get something interesting after weeks of crashing your sessions. It's just one of the lamest exploits I've seen, worth mitigating eventually, but not worth all the press it's getting, especially 6 months after release...
    The fix is simple, just use CTR mode encryption instead of CBC, or upgrade to OpenSSH 5.2 or later.
    For more details go to the OpenSSH security page.

    --
    Blessed are the pessimists, for they have made backups.
  5. Re:Not much of a threat... by morgan_greywolf · · Score: 5, Insightful

    Yes. That's why we now have replaced telnet/rsh/rcp and authenticated FTP with ssh and scp, NIS with LDAP+Kerberos, /etc/shadow, authentication in NFS, support for other filesystems like CIFS, etc.

    Microsoft, for their part, haven't changed all that much.

  6. Re:How vulnerable? by vadim_t · · Score: 5, Informative

    That's the wrong way to check it.

    Debian and Ubuntu are not going to upgrade to 5.2. They will take the security fix, backport it to 4.7, and release that as an update. If you check the version you'll get 4.7, even with the fix applied.
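
Added example, not part of the thread and not OpenSSH project code: because a backported fix leaves the version string unchanged, this script checks the server's cipher list instead and flags CBC-mode ciphers, the configuration mitigation named in comment 4. It assumes an explicit Ciphers list such as `sshd -T` prints; the function names and sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sshd configuration text for CBC-mode ciphers.
# Reads sshd_config-style text on stdin. Assumption: the Ciphers line is an
# explicit comma-separated list, as in the output of `sshd -T`.

# Print each CBC-mode cipher named on an active "Ciphers" line.
cbc_ciphers() {
    awk 'tolower($1) == "ciphers" {
        list = ""
        for (i = 2; i <= NF; i++) list = list $i   # tolerate "a, b"
        n = split(list, c, ",")
        for (i = 1; i <= n; i++)
            if (c[i] ~ /-cbc$/ || c[i] ~ /-cbc@/) print c[i]
    }'
}

# Exit status: 0 = no CBC offered, 1 = CBC offered,
# 2 = no Ciphers line, so the build's defaults apply and must be checked.
audit_ciphers() {
    conf=$(cat)
    if ! printf '%s\n' "$conf" |
        awk 'tolower($1) == "ciphers" { f = 1 } END { exit (f ? 0 : 1) }'
    then
        echo "UNKNOWN: no Ciphers line, defaults apply"
        return 2
    fi
    found=$(printf '%s\n' "$conf" | cbc_ciphers)
    if [ -n "$found" ]; then
        echo "CBC offered:" $found
        return 1
    fi
    echo "OK: no CBC ciphers offered"
}

# Constructed sample inputs (not taken from any real host).
WEAK_CONF='Port 22
Ciphers aes128-cbc,3des-cbc,aes128-ctr,rijndael-cbc@lysator.liu.se'
CTR_CONF='# Ciphers aes128-cbc
Ciphers aes128-ctr,aes192-ctr,aes256-ctr'
DEFAULT_CONF='Port 22
PermitRootLogin no'

for sample in "$WEAK_CONF" "$CTR_CONF" "$DEFAULT_CONF"; do
    printf '%s\n' "$sample" | audit_ciphers || true
done
```

On a live host the input would be the output of `sshd -T` run as root; status 2 means the file alone cannot answer the question.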

  7. Re:SSH standard by FMZ · · Score: 5, Funny

    Hmmm.... k. Seems there's an Asian-American in the armor of OpenSSH