bugzilla-daemon at mindrot.org
2024-Jul-16 12:14 UTC
[Bug 3711] New: How do you defend against the D(HE)ater attack?
https://bugzilla.mindrot.org/show_bug.cgi?id=3711

Bug ID: 3711
Summary: How do you defend against the D(HE)ater attack?
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: rmsh1216 at 163.com

The Diffie-Hellman key agreement protocol allows a remote attacker (from the client) to send arbitrary numbers that are not actually public keys and trigger an expensive server-side DHE modular exponentiation, i.e., a D(HE)at or D(HE)ater attack. The issue has been flagged as a vulnerability, CVE-2002-20001 and CVE-2022-40735.

Is there a way to fix this vulnerability in OpenSSH?

--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Jul-17 00:48 UTC
[Bug 3711] How do you defend against the D(HE)ater attack?
https://bugzilla.mindrot.org/show_bug.cgi?id=3711

Damien Miller <djm at mindrot.org> changed:

What       | Removed | Added
-----------+---------+------------------
Status     | NEW     | RESOLVED
CC         |         | djm at mindrot.org
Resolution | ---     | FIXED

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Use OpenSSH 9.8. PerSourcePenalties are on by default.
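A check for the mitigation named in comment #1, as an added example that is not part of the bug thread or of OpenSSH's own code: given a version banner and an effective-configuration dump (the kind `sshd -T` prints), it reports whether PerSourcePenalties is in effect. The function names and sample inputs are constructed, and the dump format (lowercase keyword followed by `no` or `name:value` tokens) is an assumption.

```python
import re

def parse_version(banner):
    """Return (major, minor) from a banner such as 'OpenSSH_9.8p1, OpenSSL 3.0.13'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no OpenSSH version in banner: %r" % banner)
    return int(m.group(1)), int(m.group(2))

def parse_penalties(config_dump):
    """None if the keyword is absent, False if set to 'no', else a dict of name:value settings."""
    for line in config_dump.splitlines():
        parts = line.split()
        if not parts or parts[0].lower() != "persourcepenalties":
            continue
        args = parts[1:]
        if args and args[0].lower() == "no":
            return False
        return dict(a.split(":", 1) for a in args if ":" in a)
    return None

def check(banner, config_dump):
    """Return (ok, reason) for the advice 'use 9.8, PerSourcePenalties on by default'."""
    version = parse_version(banner)
    if version < (9, 8):
        return False, "OpenSSH %d.%d predates PerSourcePenalties (needs 9.8)" % version
    penalties = parse_penalties(config_dump)
    if penalties is None:
        return False, "persourcepenalties missing from config dump"
    if penalties is False:
        return False, "PerSourcePenalties explicitly disabled"
    return True, "PerSourcePenalties active: " + ", ".join(sorted(penalties))

# Constructed sample inputs (assumed dump format, not captured from a real host).
SAMPLE_OK = "port 22\npersourcepenalties crash:90 noauth:1 max:600 min:15\n"
SAMPLE_OFF = "port 22\npersourcepenalties no\n"

if __name__ == "__main__":
    for banner, dump in [("OpenSSH_9.8p1, OpenSSL 3.0.13", SAMPLE_OK),
                         ("OpenSSH_9.8p1, OpenSSL 3.0.13", SAMPLE_OFF),
                         ("OpenSSH_9.6p1, OpenSSL 3.0.13", "port 22\n")]:
        print(banner.split(",")[0], check(banner, dump))
```

On a host, feed it the output of `ssh -V` and `sshd -T`; a configuration file that sets `PerSourcePenalties no` turns off the default that the comment relies on.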