From owner-freebsd-security Fri Nov 30 1:39:49 2001
Delivered-To: freebsd-security@freebsd.org
Received: from radix.cryptio.net (radix.cryptio.net [199.181.107.213]) by hub.freebsd.org (Postfix) with ESMTP id 8E6A537B405 for ; Fri, 30 Nov 2001 01:39:46 -0800 (PST)
Received: (from emechler@localhost) by radix.cryptio.net (8.11.6/8.11.6) id fAU9dds16865; Fri, 30 Nov 2001 01:39:39 -0800 (PST) (envelope-from emechler)
Date: Fri, 30 Nov 2001 01:39:39 -0800
From: Erick Mechler
To: bsd-sec@boneyard.lawrence.ks.us
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: sshd exploit
Message-ID: <20011130013939.Q67199@techometer.net>
References: <20011129012235.U6446-100000@achilles.silby.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from bsd-sec@boneyard.lawrence.ks.us on Fri, Nov 30, 2001 at 01:30:57AM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:: > The CRC bug was fixed in 2.3.0, which was merged into -stable before the
:: > release of freebsd 4.3. If 3.0.1's giving you any enhanced immunity, it's
:: > to a bug which has not yet been announced.
:: >
:: > If there _is_ a new bug, and it follows the description in the url posted
:: > earlier in the thread, it's probably also SSHv1 related, and can be
:: [...]
::
:: Perhaps so. However, at the university department where I work, RH Linux lab
:: machines running both 2.5.x and 2.9.x versions of OpenSSH were indeed
:: compromised while running ssh version 1.

[snip]

This is, and someone correct me if I'm wrong, not what everyone else's
experience has been with the crc32 attack in SSHv1. According to all
reports I've read, including the long, detailed message sent by the
Security Officer to this same list entitled "Lack of evidence for new SSH
vulnerability" a few hours before yours, this bug was fixed in 2.3.0.

Instead of attempting to cause more panic, care to send us more info? Did
the cracked boxes exhibit the same characteristics as those described in
Dittrich's analysis? Can anybody else on this list either verify or deny
the claims made here?

Stephen, please don't think I'm picking on you, I just want to make sure
that we're not all talking about the same exploit.

Cheers - Erick