On Wed, 4 Oct 2000, Frater M.A.Ch.H. 999 wrote:
That's fine and dandy, but the bugtraq exploit that you are pointing to in that link is, according to the bugtraq advisory, only applicable to ssh version 1.2.27.
Other versions don't seem to be affected.
The crux of the problem is that the ssh1 protocol does not make use of cryptographically secure MACs (message authentication code), but instead relies on crc32 to provide integrity checks from insertion attacks. The problem with crc32 is it was designed to detect accidental data corruption but not to provide cryptographic verification of data integrity, so it is possible to "somewhat" easily create "different" data with the same crc32 value. Past version 1.2.27 code was added to detect someone doing this ("crc compensation"), so its not a real concern of vulnerability. But it is a theoretical design weakness, which is why MACs are used in ssh2. It is up to the admins to decide if running ssh2 is worth their time. Personally I run OpenSSH (now part of the default installation on [Free,Open]BSD) which supports both versions of the protocol much more seamlessly then the original ssh. Many people prefer ssh1, and keep in mind that some systems are ssh1 only, like the SSH available for Ciscos for example. But enough of this thread, everyone gets the point... :P -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/humble PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)