Markus Friedl
2001-Feb-15 08:13 UTC
OpenSSH is _not_ vulnerable to the several known problems in SSH-1
-----------------------------------------------------------------------

                     Special OpenBSD Security Note

                           February 14, 2001

   OpenSSH is _not_ vulnerable to the several known problems in SSH-1

-----------------------------------------------------------------------

The CERT Coordination Center has published the following notes about
weaknesses in various SSH protocol version 1 implementations. Since
many people using OpenSSH are worried about these issues, we decided
to publish these notes.

1) http://www.kb.cert.org/vuls/id/565052
   "Passwords sent via SSH encrypted with RC4 can be easily cracked"

2) http://www.kb.cert.org/vuls/id/665372
   "SSH connections using RC4 and password authentication can be
   replayed"

3) http://www.kb.cert.org/vuls/id/25309
   "Weak CRC allows RC4 encrypted SSH packets to be modified without
   notice"

4) http://www.kb.cert.org/vuls/id/684820
   "SSH allows client authentication to be forwarded if encryption is
   disabled"

5) http://www.kb.cert.org/vuls/id/315308
   "Last block of IDEA-encrypted SSH packet can be changed without
   notice"

6) http://www.kb.cert.org/vuls/id/786900
   "SSH host key authentication can be bypassed when DNS is used to
   resolve localhost"

7) http://www.kb.cert.org/vuls/id/118892
   "Older SSH clients do not allow users to disable X11 forwarding"

OpenSSH is _not_ vulnerable to #1, #2 and #3 since OpenSSH does not
allow RC4 in its SSH protocol 1 implementation.

OpenSSH is _not_ vulnerable to #4 since OpenSSH does not allow
encryption to be disabled.

OpenSSH is _not_ vulnerable to #5 since OpenSSH does not support IDEA.

OpenSSH is _not_ vulnerable to #6 since OpenSSH does not resolve
"localhost". OpenSSH uses the resolved IP address and disables the
host key authentication for 127.0.0.1 only.

OpenSSH is _not_ vulnerable to #7 since OpenSSH permits users to
disable X11 forwarding, and this is the default configuration in the
OpenSSH client.

The SSH protocol version 2 (a.k.a. SecSH) is not affected by problems
#1, #2, #3, #4 and #5.

The OpenSSH client currently defaults to preferring the SSH-1 protocol
over the SSH-2 protocol, but the default will soon change in a future
release, since the SSH-2 protocol support has improved considerably.

-----------------------------------------------------------------------
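The distinction behind item #6, as an added example that is not part of the original note and is not OpenSSH source code: it contrasts exempting a peer from the host key check because of the name "localhost" with exempting it only when the resolved address is 127.0.0.1. The function names and the sample name/address pairs are hypothetical and constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Weak policy: trusts the *name* the user typed. If "localhost" is looked
 * up through DNS and the answer points elsewhere, the host key check is
 * skipped for a remote machine. */
static int skip_hostkey_check_by_name(const char *hostname)
{
    return strcasecmp(hostname, "localhost") == 0;
}

/* Policy the note describes: decide on the resolved address and exempt
 * 127.0.0.1 only. */
static int skip_hostkey_check_by_addr(const struct sockaddr_in *peer)
{
    return peer->sin_family == AF_INET &&
           peer->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
}

/* Constructed stand-in for a resolver answer, so the example runs offline. */
static struct sockaddr_in resolved(const char *dotted_quad)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    inet_pton(AF_INET, dotted_quad, &sa.sin_addr);
    return sa;
}

int main(void)
{
    /* Constructed cases: { name typed by the user, address "DNS" returned }. */
    const char *cases[][2] = {
        { "localhost", "127.0.0.1"  },  /* honest answer */
        { "localhost", "192.0.2.10" },  /* wrong answer (TEST-NET-1 address) */
        { "127.0.0.2", "127.0.0.2"  },  /* loopback net, but not 127.0.0.1 */
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        struct sockaddr_in sa = resolved(cases[i][1]);
        printf("%-10s -> %-11s skip by name: %d  skip by address: %d\n",
               cases[i][0], cases[i][1],
               skip_hostkey_check_by_name(cases[i][0]),
               skip_hostkey_check_by_addr(&sa));
    }
    return 0;
}
```

Only the second case differs between the two policies: the name still reads "localhost", but the peer is not the local machine, so the address-based policy keeps host key authentication on.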