No subject


Sat Oct 25 08:25:06 MST 2008


"If exploited=2C this attack can potentially allow an attacker to

recover up to 32 bits of plaintext from an arbitrary block of=20

ciphertext from a connection secured using the SSH protocol in=20

the standard configuration. If OpenSSH is used in the standard=20

configuration=2C then the attacker's success probability for=20

recovering 32 bits of plaintext is 2^{-18}. A variant of the=20

attack against OpenSSH in the standard configuration recovers 14=20

bits of plaintext with probability 2^{-14}. The success probability=20

of the attack for other implementations of SSH is not known."
Reference:  http://isc.sans.org/diary.html?storyid=3D5366


Effected Systems:

Ubuntu 8.04 and any SSH less than 5.1

ssh -V for version to ensure you are patched!

Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=3Dobnosis (503)754-4452




_________________________________________________________________
Windows Live Hotmail now works up to 70% faster.
http://windowslive.com/Explore/Hotmail?ocid=3DTXT_TAGLM_WL_hotmail_acq_fast=
er_112008=

--_8c545601-a8b3-47cf-a590-836b6ab532dc_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style>
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Verdana
}
</style>
</head>
<body class=3D'hmmessage'>
11/17/08 SSH Vulnerability CPNI Advisory<br><br>CPNI says: "We expect any R=
FC-compliant SSH implementation to be vulnerable to some form of the attack=
."<br><br>Reference:&nbsp=3B http://www.cpni.gov.uk/Docs/Vulnerability_Advi=
sory_SSH.txt<br><br>=3D=3D SANS excerpt =3D=3D<br><br>From the article:<BR>
"If exploited=2C this attack can potentially allow an attacker to<br>
recover up to 32 bits of plaintext from an arbitrary block of <br>
ciphertext from a connection secured using the SSH protocol in <br>
the standard configuration. If OpenSSH is used in the standard <br>
configuration=2C then the attacker's success probability for <br>
recovering 32 bits of plaintext is 2^{-18}. A variant of the <br>
attack against OpenSSH in the standard configuration recovers 14 <br>
bits of plaintext with probability 2^{-14}. The success probability <br>
of the attack for other implementations of SSH is not known."<BR><br>Refere=
nce:&nbsp=3B http://isc.sans.org/diary.html?storyid=3D5366<br><br><br>Effec=
ted Systems:<br><br>Ubuntu 8.04 and any SSH less than 5.1<br><br>ssh -V for=
 version to ensure you are patched!<br><br>Obnosis.com |&nbsp=3B http://en.=
wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=3Dobnosis (503)754-4452<br><=
hr style=3D"width: 100%=3B height: 2px=3B"><br><br><br><br /><hr />Windows =
Live Hotmail now works up to 70% faster. <a href=3D'http://windowslive.com/=
Explore/Hotmail?ocid=3DTXT_TAGLM_WL_hotmail_acq_faster_112008' target=3D'_n=
ew'>Sign up today.</a></body>
</html>=

--_8c545601-a8b3-47cf-a590-836b6ab532dc_--


More information about the PLUG-discuss mailing list