11/17/08 SSH Vulnerability CPNI Advisory

CPNI says: "We expect any RFC-compliant SSH implementation to be vulnerable to some form of the attack."

Reference:  http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

== SANS excerpt ==

From the article:
"If exploited, this attack can potentially allow an attacker to
recover up to 32 bits of plaintext from an arbitrary block of
ciphertext from a connection secured using the SSH protocol in
the standard configuration. If OpenSSH is used in the standard
configuration, then the attacker's success probability for
recovering 32 bits of plaintext is 2^{-18}. A variant of the
attack against OpenSSH in the standard configuration recovers 14
bits of plaintext with probability 2^{-14}. The success probability
of the attack for other implementations of SSH is not known."

Reference:  http://isc.sans.org/diary.html?storyid=5366


Affected Systems:

Ubuntu 8.04 and any SSH version earlier than 5.1

Run ssh -V to check your version and make sure you are patched!

Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis | http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452
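
The version check above as a script, as an added example that is not part of the original post: it parses an `ssh -V` banner and compares it with the 5.1 threshold given under Affected Systems. It assumes that threshold refers to OpenSSH version numbering; the function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an `ssh -V` banner against the advisory's 5.1 threshold.
# Assumption: "SSH less than 5.1" means OpenSSH releases numbered below 5.1.

# Print "major.minor" from an OpenSSH banner, or nothing if the banner
# is not in the OpenSSH_<major>.<minor> form.
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p' |
        head -n 1
}

# Print one of: affected | not-affected | unknown
ssh_banner_status() {
    ver=$(openssh_version "$1")
    if [ -z "$ver" ]; then
        # Not an OpenSSH banner: the advisory gives no figures for other implementations.
        echo unknown
        return 0
    fi
    major=${ver%%.*}
    minor=${ver#*.}
    # Compare major and minor as integers so 5.10 would sort above 5.9.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 1 ]; }; then
        echo affected
    else
        echo not-affected
    fi
}

# Constructed sample banners (not captured from real hosts).
for banner in \
    'OpenSSH_4.7p1 Debian-8ubuntu1, OpenSSL 0.9.8g 19 Oct 2007' \
    'OpenSSH_5.1p1, OpenSSL 0.9.8h 28 May 2008' \
    'Sun_SSH_1.1, SSH protocols 1.5/2.0'
do
    printf '%-14s %s\n' "$(ssh_banner_status "$banner")" "$banner"
done

# Local client: `ssh -V` writes its banner to stderr, hence 2>&1.
if command -v ssh >/dev/null 2>&1; then
    echo "local: $(ssh_banner_status "$(ssh -V 2>&1)")"
fi
```

Distribution packages often carry backported fixes under an older upstream version number, so an "affected" result on a vendor build means checking the vendor's security notice rather than assuming the host is unpatched.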





