Backport for OpenSSH CBC Mode Information Disclosure Vulnerability


by Niko Thome-2

Hello List,

I stumbled upon a vulnerability in OpenSSH reported back in November
2008. http://www.securityfocus.com/bid/32319

I was a bit concerned about that flaw, and tried to find out if it is
fixed due to a backport of some OpenSSH 5.2 upstream code. But I didn't
find either a bug or a DSA for that flaw.

Can you tell me how this bug is handled by Debian?

Thank you!

Niko




Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability

by Nico Golde-9

Hi,
* Niko Thome <niko.thome@...> [2009-06-30 11:47]:
> I stumbled upon a vulnerability in OpenSSH reported back in November
> 2008. http://www.securityfocus.com/bid/32319
>
> I was a bit concerned about that flaw, and tried to find out if it is
> fixed due to a backport of some OpenSSH 5.2 upstream code. But I didn't
> find either a bug or a DSA for that flaw.
>
> Can you tell me how this bug is handled by Debian?

http://security-tracker.debian.net/tracker/CVE-2008-5161

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@... - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.



Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability

by sampablokuper

2009/6/30 Nico Golde <debian-security+ml@...>
> Hi,
> * Niko Thome <niko.thome@...> [2009-06-30 11:47]:
> > I stumbled upon a vulnerability in OpenSSH reported back in November
> > 2008. http://www.securityfocus.com/bid/32319
> >
> > I was a bit concerned about that flaw, and tried to find out if it is
> > fixed due to a backport of some OpenSSH 5.2 upstream code. But I didn't
> > find either a bug or a DSA for that flaw.
> >
> > Can you tell me how this bug is handled by Debian?
>
> http://security-tracker.debian.net/tracker/CVE-2008-5161

Ouch! I agree with the note.

Re: Backport for OpenSSH CBC Mode Information Disclosure Vulnerability

by Russ Allbery-2

Sam Kuper <sam.kuper@...> writes:
> 2009/6/30 Nico Golde <debian-security+ml@...>

>> http://security-tracker.debian.net/tracker/CVE-2008-5161

> Ouch! I agree with the note.

My understanding is that you then terminate the connection you're
attacking as part of the attempt to recover the cleartext unless you
happen to succeed.  I think it's going to be very hard to launch this
attack effectively in a real-world situation.  That's also upstream's
position:

    http://www.openssh.com/txt/cbc.adv

--
Russ Allbery (rra@...)               <http://www.eyrie.org/~eagle/>

