Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: OpenSSH, information disclosure via CBC

November 2008 by Vigil@nce

SYNTHESIS

An attacker capturing an OpenSSH session has a low probability to obtain 32 bits of plain text.

Gravity: 1/4

Consequences: data reading

Provenance: LAN

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: unique source (2/5)

Diffusion of the vulnerable configuration: low (1/3)

Creation date: 18/11/2008

IMPACTED PRODUCTS

- OpenSSH

DESCRIPTION

The OpenSSH program encrypts data of sessions using a CBC (Cipher Block Chaining) algorithm by default.

If an attacker creates an error in the session,
- he has one chance over 262144 (2^18) to obtain 32 bits of the unencrypted session
- he has one chance over 16384 (2^14) to obtain 14 bits of the unencrypted session This attack interrupts the SSH session, so the victim detects that a problem occurred.

This vulnerability does not impact the CTR (Counter) algorithm.

An attacker capturing an OpenSSH session, and injecting invalid data, thus has a low probability to obtain some bits of plain text.

CHARACTERISTICS

Identifiers: BID-32319, VIGILANCE-VUL-8251

http://vigilance.fr/vulnerability/8251




See previous articles

    

See next articles