"Stanislav Malyshev a.k.a Frodo" wrote:
> Oh. "Some". Which ones? RSAREF bug, that couldn't be seen in Israel?
> Obscure cryptography weakness, that in no way could make it weaker than
> telnet? Something else?
>From the SSH FAQ:
[SNIP]
9.2. Known security bugs with SSH
All versions of ssh prior to 1.2.12 had a security flaw which
allowed local users to get access to the secret host key. This is fixed
in 1.2.13 and later.
If you run ssh 1.2.13 on Alpha OSF 1.3 or SCO in C2 security mode,
local users can gain root access. This is fixed by applying
ftp://ftp.cs.hut.fi/pub/ssh/ssh-osf1-c2-setluid.patch or by upgrading to
1.2.27.
Versions of ssh prior to 1.2.17 had problems with authentication
agent handling on some machines. There is a chance (a race condition)
that a malicious user could steal another user's credentials. This
should be fixed in 1.2.17.
The arcfour cipher is used in a way which makes it susceptible in
version 1 of the ssh protocol. Therefore, its use has been disabled in
1.2.18 and later.
In versions prior to 1.2.23 there was a CRC32 Compensation attack
that allowed the possibility of executing arbitrary commands. For
details of the attack and/or patches, see http://www.core-sdi.com/ssh.
With 2.0.12,an sshd connection would not die, even if a complete
connection was never fully established. That is, when he came from
server B to server A, the session on server A would hang when he exits.
Upgrading to 2.0.13 should fix this problem.
[/SNIP]
Hardly obscure cryptographic weaknessess, and some have been seen "in
the wild".
--izar
[EMAIL PROTECTED] - Bindview Corporation
Security Engineer - HackerShield
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
