11/17/08 SSH Vulnerability CPNI Advisory

CPNI says: "We expect any RFC-compliant SSH implementation to be vulnerable to some form of the attack."

Reference:  http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

== SANS excerpt ==

From the article:
"If exploited, this attack can potentially allow an attacker to

recover up to 32 bits of plaintext from an arbitrary block of 

ciphertext from a connection secured using the SSH protocol in 

the standard configuration. If OpenSSH is used in the standard 

configuration, then the attacker's success probability for 

recovering 32 bits of plaintext is 2^{-18}. A variant of the 

attack against OpenSSH in the standard configuration recovers 14 

bits of plaintext with probability 2^{-14}. The success probability 

of the attack for other implementations of SSH is not known."
Reference:  http://isc.sans.org/diary.html?storyid=5366


Effected Systems:

Ubuntu 8.04 and any SSH less than 5.1

ssh -V for version to ensure you are patched!

Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452




_________________________________________________________________
Windows Live Hotmail now works up to 70% faster.
http://windowslive.com/Explore/Hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_faster_112008