11/17/08 SSH Vulnerability CPNI Advisory
CPNI says: "We expect any RFC-compliant SSH implementation to be vulnerable to some form of the attack."
Reference:
http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt
== SANS excerpt ==
From the article:
"If exploited, this attack can potentially allow an attacker to
recover up to 32 bits of plaintext from an arbitrary block of
ciphertext from a connection secured using the SSH protocol in
the standard configuration. If OpenSSH is used in the standard
configuration, then the attacker's success probability for
recovering 32 bits of plaintext is 2^{-18}. A variant of the
attack against OpenSSH in the standard configuration recovers 14
bits of plaintext with probability 2^{-14}. The success probability
of the attack for other implementations of SSH is not known."
Reference:
http://isc.sans.org/diary.html?storyid=5366
Effected Systems:
Ubuntu 8.04 and any SSH less than 5.1
ssh -V for version to ensure you are patched!
Obnosis.com |
http://en.wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=obnosis (503)754-4452
_________________________________________________________________
Windows Live Hotmail now works up to 70% faster.
http://windowslive.com/Explore/Hotmail?ocid=TXT_TAGLM_WL_hotmail_acq_faster_112008---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss 
(text/plain)