Log in

No account? Create an account

Previous Entry | Next Entry

Time to Upgrade to at least Open SSH 5.2


"This is a design flaw in OpenSSH," said Patterson. "The other vulnerabilities have been more about coding errors."

According to Patterson, a man-in-the-middle attacker could sit on a network and grab blocks of encrypted text as they are sent from client to server. By re-transmitting the blocks to the server, an attacker can work out the first four bytes of corresponding plaintext. The attacker can do this by counting how many bytes the attacker sends until the server generates an error message and tears down the connection, then working backwards to deduce what was in the OpenSSH encryption field before encryption.

The attack relies on flaws in the RFC (Request for Comments) internet standards that define SSH, said Patterson.

Patterson gave a talk on Monday at the IEEE Symposium on Security and Privacy in California to explain his group's research findings. The three ISG academics involved in the research were Patterson, Martin Albrecht and Gaven Watson.

This vulnerability was first made public in November 2008 by the UK Centre for the Protection of National Infrastructure (CPNI), although full details of the flaw were not then given. According to the CPNI advisory, the OpenSSH flaw could be mitigated by IT professionals using AES in counter mode (CTR) to encrypt, instead of cipher-block chaining mode (CBC).

Patterson said his group had worked with OpenSSH developers to mitigate the flaw, and that OpenSSH version 5.2 contained countermeasures.

"They've fixed [OpenSSH]; they've put countermeasures in place to stop our attack," said Patterson. "But the standard has not changed."