No subject
Sat Oct 25 08:25:06 MST 2008
"If exploited=2C this attack can potentially allow an attacker to
recover up to 32 bits of plaintext from an arbitrary block of=20
ciphertext from a connection secured using the SSH protocol in=20
the standard configuration. If OpenSSH is used in the standard=20
configuration=2C then the attacker's success probability for=20
recovering 32 bits of plaintext is 2^{-18}. A variant of the=20
attack against OpenSSH in the standard configuration recovers 14=20
bits of plaintext with probability 2^{-14}. The success probability=20
of the attack for other implementations of SSH is not known."
Reference: http://isc.sans.org/diary.html?storyid=3D5366
Effected Systems:
Ubuntu 8.04 and any SSH less than 5.1
ssh -V for version to ensure you are patched!
Obnosis.com | http://en.wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=3Dobnosis (503)754-4452
_________________________________________________________________
Windows Live Hotmail now works up to 70% faster.
http://windowslive.com/Explore/Hotmail?ocid=3DTXT_TAGLM_WL_hotmail_acq_fast=
er_112008=
--_8c545601-a8b3-47cf-a590-836b6ab532dc_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<style>
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Verdana
}
</style>
</head>
<body class=3D'hmmessage'>
11/17/08 SSH Vulnerability CPNI Advisory<br><br>CPNI says: "We expect any R=
FC-compliant SSH implementation to be vulnerable to some form of the attack=
."<br><br>Reference: =3B http://www.cpni.gov.uk/Docs/Vulnerability_Advi=
sory_SSH.txt<br><br>=3D=3D SANS excerpt =3D=3D<br><br>From the article:<BR>
"If exploited=2C this attack can potentially allow an attacker to<br>
recover up to 32 bits of plaintext from an arbitrary block of <br>
ciphertext from a connection secured using the SSH protocol in <br>
the standard configuration. If OpenSSH is used in the standard <br>
configuration=2C then the attacker's success probability for <br>
recovering 32 bits of plaintext is 2^{-18}. A variant of the <br>
attack against OpenSSH in the standard configuration recovers 14 <br>
bits of plaintext with probability 2^{-14}. The success probability <br>
of the attack for other implementations of SSH is not known."<BR><br>Refere=
nce: =3B http://isc.sans.org/diary.html?storyid=3D5366<br><br><br>Effec=
ted Systems:<br><br>Ubuntu 8.04 and any SSH less than 5.1<br><br>ssh -V for=
version to ensure you are patched!<br><br>Obnosis.com | =3B http://en.=
wiktionary.org/wiki/Citations:obnosis |
http://www.urbandictionary.com/define.php?term=3Dobnosis (503)754-4452<br><=
hr style=3D"width: 100%=3B height: 2px=3B"><br><br><br><br /><hr />Windows =
Live Hotmail now works up to 70% faster. <a href=3D'http://windowslive.com/=
Explore/Hotmail?ocid=3DTXT_TAGLM_WL_hotmail_acq_faster_112008' target=3D'_n=
ew'>Sign up today.</a></body>
</html>=
--_8c545601-a8b3-47cf-a590-836b6ab532dc_--
More information about the PLUG-discuss
mailing list