bugzilla-daemon at mindrot.org
2024-Jul-16 12:14 UTC
[Bug 3711] New: How do you defend against the D(HE)ater attack?
https://bugzilla.mindrot.org/show_bug.cgi?id=3711
Bug ID: 3711
Summary: How do you defend against the D(HE)ater attack?
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: rmsh1216 at 163.com
The Diffie-Hellman key agreement protocol allows a remote attacker
(from the client) to send arbitrary numbers that are not actually
public keys and trigger an expensive server-side DHE modular
exponentiation, i.e., a D(HE)at or D(HE)ater attack. The issue has
been flagged as a vulnerability, CVE-2002-20001 and CVE-2022-40735. Is
there a way to fix this vulnerability in openssh?
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Jul-17 00:48 UTC
[Bug 3711] How do you defend against the D(HE)ater attack?
https://bugzilla.mindrot.org/show_bug.cgi?id=3711
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |djm at mindrot.org
Resolution|--- |FIXED
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Use openssh 9.8. PerSourcePenalties are on by default
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
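The reply above points at the mitigation but not at how to verify it on a host. The following is an added example, not part of the bug thread or of OpenSSH itself: a small POSIX shell check that (a) parses the `ssh -V` version string to decide whether the build is 9.8 or newer, the first release with PerSourcePenalties, and (b) reads `sshd -T` output to confirm the effective setting and pull out individual penalty fields. It assumes the `sshd -T` dump format used by 9.8 (a lowercase `persourcepenalties` line holding `crash:`, `authfail:`, `noauth:`, `grace-exceeded:`, `max:`, `min:` and overflow fields, or `persourcepenalties no` when disabled); the version strings and dump lines embedded below are constructed samples so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the bug thread): verify PerSourcePenalties on a host.
# On a real machine:   ssh -V 2>&1 | { read v; openssh_has_penalties "$v"; }
#                      sudo sshd -T | penalties_enabled
# The samples below are constructed, not captured from a real host.
SAMPLE_VERSION='OpenSSH_9.8p1, OpenSSL 3.0.13 30 Jan 2024'
SAMPLE_T_ENABLED='port 22
persourcepenalties crash:90 authfail:5 noauth:1 grace-exceeded:20 max:600 min:15 max-sources4:65536 max-sources6:65536 overflow:permissive overflow6:permissive
maxstartups 10:30:100'
SAMPLE_T_DISABLED='port 22
persourcepenalties no
maxstartups 10:30:100'

# openssh_has_penalties VERSION_STRING
# Returns 0 when the version is >= 9.8 (PerSourcePenalties available),
# 1 when older, 2 when the string is not an OpenSSH version banner.
openssh_has_penalties() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -ge 8 ]; }
}

# penalties_enabled  (sshd -T output on stdin)
# Returns 0 when penalties are enabled, 1 when explicitly "no",
# 2 when the keyword is absent (an sshd older than 9.8 never prints it).
penalties_enabled() {
    line=$(tr 'A-Z' 'a-z' | grep '^persourcepenalties ' | head -n 1 | sed 's/[[:space:]]*$//')
    [ -n "$line" ] || return 2
    # Exact match on purpose: "noauth:" also contains " no".
    case "$line" in
        'persourcepenalties no') return 1 ;;
        *) return 0 ;;
    esac
}

# penalty_field NAME  (sshd -T output on stdin)
# Prints the value of one penalty field, e.g. "max" -> 600.
# Anchored on "NAME:" so "max" does not also match "max-sources4:".
penalty_field() {
    tr 'A-Z' 'a-z' | grep '^persourcepenalties ' | tr ' ' '\n' | sed -n "s/^$1:\(.*\)\$/\1/p"
}

# Demo on the constructed samples; no sshd needed.
if openssh_has_penalties "$SAMPLE_VERSION"; then
    echo "version ok: $SAMPLE_VERSION"
else
    echo "too old for PerSourcePenalties: $SAMPLE_VERSION"
fi
if printf '%s\n' "$SAMPLE_T_ENABLED" | penalties_enabled; then
    echo "PerSourcePenalties enabled, max penalty $(printf '%s\n' "$SAMPLE_T_ENABLED" | penalty_field max)s"
else
    echo "PerSourcePenalties disabled or unsupported"
fi
```

The `sshd -T` check matters more than the version check: a 9.8 package whose distribution or local `sshd_config` sets `PerSourcePenalties no` gives no protection. If legitimate scanners or a jump host trip the `noauth` or `grace-exceeded` penalties, list them in `PerSourcePenaltyExemptList` rather than turning the feature off. Builds older than 9.8 have no equivalent knob; restricting `KexAlgorithms` to the curve25519/ECDH methods so that no finite-field DH exponentiation is performed is a separate mitigation that the thread does not discuss.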
Apparently Analogous Threads
- [Bug 3771] New: Will future versions of openssh provide DDoS attack defense for the DH algorithm?:CVE-2024-41996
- Defend against user enumeration timing attacks - overkill