[LINUX:25423] FW: OpenSSH is _not_ vulnerable the several known problems in SSH-1


From: Ilker Gokhan (IlkerG@sumerbank.com.tr)
Date: Thu 15 Feb 2001 - 19:34:30 EET


Hello,

This topic was also discussed on our list, if I remember correctly. Markus
answers these claims...

For your information.
Ilker G.

> -----Original Message-----
> From: Markus Friedl
> [mailto:Markus.Friedl@informatik.uni-erlangen.de]
> Date: Thursday, February 15, 2001 10:14 AM
> To: openssh-unix-dev@mindrot.org; ssh@clinet.fi;
> security-announce@openbsd.org; misc@openbsd.org
> Cc: bugtraq@securityfocus.com
> Subject: OpenSSH is _not_ vulnerable the several known problems in SSH-1
>
>
> -----------------------------------------------------------------------
>
> Special OpenBSD Security Note
>
> February 14, 2001
>
> OpenSSH is _not_ vulnerable the several known problems in SSH-1
>
> -----------------------------------------------------------------------
>
> The CERT Coordination Center has published the following notes about
> weaknesses in various SSH protocol version 1 implementations.
>
> Since many people using OpenSSH are worried about these issues,
> we decided to publish these notes.
>
> 1) http://www.kb.cert.org/vuls/id/565052
> "Passwords sent via SSH encrypted with RC4 can be easily cracked"
>
> 2) http://www.kb.cert.org/vuls/id/665372
> "SSH connections using RC4 and password authentication can be
> replayed"
>
> 3) http://www.kb.cert.org/vuls/id/25309
> "Weak CRC allows RC4 encrypted SSH packets to be modified without
> notice"
>
> 4) http://www.kb.cert.org/vuls/id/684820
> "SSH allows client authentication to be forwarded if encryption
> is disabled"
>
> 5) http://www.kb.cert.org/vuls/id/315308
> "Last block of IDEA-encrypted SSH packet can be changed without
> notice"
>
> 6) http://www.kb.cert.org/vuls/id/786900
> "SSH host key authentication can be bypassed when DNS is used
> to resolve localhost"
>
> 7) http://www.kb.cert.org/vuls/id/118892
> "Older SSH clients do not allow users to disable X11 forwarding"
>
> OpenSSH is _not_ vulnerable to #1, #2 and #3 since OpenSSH does not
> allow RC4 in its SSH protocol 1 implementation.
>
> OpenSSH is _not_ vulnerable to #4 since OpenSSH does not allow
> encryption to be disabled.
>
> OpenSSH is _not_ vulnerable to #5 since OpenSSH does not support
> IDEA.
>
> OpenSSH is _not_ vulnerable to #6 since OpenSSH does not resolve
> "localhost". OpenSSH uses the resolved IP-address and disables the
> host key authentication for 127.0.0.1 only.
>
> OpenSSH is _not_ vulnerable to #7 since OpenSSH permits users to
> disable X11 forwarding, and this is the default configuration in
> the OpenSSH client.
>
> The SSH protocol version 2 (a.k.a. SecSH) is not affected by problems
> #1, #2, #3, #4 and #5.
>
> The OpenSSH client currently defaults to preferring SSH-1 protocol
> over SSH-2 protocol, but in a future release the default will soon
> change, since the SSH-2 protocol support has improved considerably.
>
> -----------------------------------------------------------------------
>

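An added example, not part of the forwarded advisory and not OpenSSH code: a small audit of an `ssh_config`-style client file against the advisory's points (protocol preference, X11 forwarding, SSH-1 cipher choice). The sample configuration, the host names, the cipher name spellings and the function names are assumptions; the defaults are the ones the advisory states.

```python
import fnmatch

# Client defaults per the advisory: SSH-1 preferred, X11 forwarding off.
DEFAULTS = {"protocol": "1,2", "forwardx11": "no"}
# SSH-1 cipher choices behind notes #1-#5; the spellings are assumptions.
RISKY_CIPHERS = {"rc4", "arcfour", "idea", "none"}

# Constructed sample configuration; host names are placeholders.
SAMPLE = """\
Host legacy.example.org
    Protocol 1
    ForwardX11 yes
    Cipher idea
Host *.example.org
    Protocol 2,1
Host *
    ForwardX11 no
"""

def effective_options(config_text, host):
    """Resolve options for host; as in ssh, the first value obtained wins."""
    opts, applies = {}, True  # lines before the first Host apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.replace("=", " ", 1).split(None, 1) + [""])[:2]
        if key.lower() == "host":  # negated (!) patterns are not handled here
            applies = any(fnmatch.fnmatchcase(host.lower(), p.lower())
                          for p in value.split())
        elif applies:
            opts.setdefault(key.lower(), value)
    return {**DEFAULTS, **opts}

def audit(config_text, host):
    """Return findings for one host, keyed to the advisory's numbered notes."""
    o = effective_options(config_text, host)
    findings = []
    protocols = [p.strip() for p in o["protocol"].split(",")]
    if protocols[0] == "1":
        findings.append("SSH-1 is tried first (notes #1-#5 concern SSH-1)")
    elif "1" in protocols:
        findings.append("SSH-1 remains enabled as a fallback")
    if o["forwardx11"].lower() == "yes":
        findings.append("X11 forwarding is enabled (note #7)")
    if o.get("cipher", "").lower() in RISKY_CIPHERS:
        findings.append("cipher %r is one OpenSSH rejects" % o["cipher"])
    return findings
```

Calling `audit(SAMPLE, "other.test")` shows the default the advisory mentions: with no `Protocol` line, SSH-1 is still tried first.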


 