RE: PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)
Try http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1; to wit
(see asterisked section):
6.1 What known security bugs exist in which versions of ssh?

All versions of ssh prior to 188.8.131.52 had a security flaw which allowed
local users to get access to the secret host key. This is fixed in 1.2.13

If you run ssh 1.2.13 on Alpha OSF 1.3 or SCO in C2 security mode, local
users can gain root access. This is fixed by applying
ftp://ftp.cs.hut.fi/pub/ssh/ssh-osf1-c2-setluid.patch or by upgrading to
1.2.14 or later.

Versions of ssh prior to 1.2.17 had problems with authentication agent
handling on some machines. There is a chance (a race condition) that a
malicious user could steal another user's credentials. This should be fixed

The arcfour cipher is used in a way which makes it susceptible in version 1
of the ssh protocol. Therefore, its use has been disabled in 1.2.18 and

Don't tell them that I told you. :-)
X-Force Security Research
Internet Security Systems, Inc.
678.443.6241 / fax 678.443.6479
Adaptive Network Security for the Enterprise
> -----Original Message-----
> From: firstname.lastname@example.org
> [mailto:email@example.com]On Behalf Of Adam
> Sent: Wednesday, July 28, 1999 2:24 PM
> To: Steven M. Christey; firstname.lastname@example.org
> Subject: Re: PROPOSAL: Cluster 27 - VERIFY-TOOL (7 candidates)
> On Tue, Jul 27, 1999 at 09:35:04PM -0400, Steven M. Christey wrote:
> | Candidate: CAN-1999-0248
> | Published:
> | Final-Decision:
> | Interim-Decision:
> | Modified:
> | Announced: 19990728
> | Assigned: 19990607
> | Category: SF
> | sshd 1.2.17 can be compromised through the SSH protocol.
> | VOTE: modify http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
> looks to me to be about the correct message that came from Tatu.
> There are comments in changelog: * Improved the security of
> I'm not in favor of moving this forward without additional detail, but
> thought I'd add a confirming URL and comment. We have insufficient
> detail to accept it as a CVE.