OpenSSH Plaintext Recovery Attack
o, somebody pointed this out to me the other day: http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt which talks about the probability of recovering some plain text from an ssh session. Having seen nothing at all from OpenSSH about this, my first reaction was "OH NO!" because it looked like they had released information without patches or a fix being available, then I looked a little closer at what was actually being talked about here.
1. Vulnerability was verified against OpenSSH 4.7p1 on Debian
ok, good, I checked my versions of OpenSSH and none of them are that old. Maybe I have some breathing room here, could be a problem that is already taken care of.
2. The attack can possibly recover 32 bits of plaintext from an arbitrary block of ciphertext from an ssh session
ok, that's 32 bits of information, not bytes, bits so not a lot, that's 4 ascii characters.
3. The probability of success is 2^{-18}
ok, so that's 1/2^18 or 1/262144, not zero, but a pretty small number, I'm feeling better.
4. The configuration must be in the default state as the attack works against CBC mode ciphers
AHA, I see the word configuration and I run to a terminal and type man sshd_config. I then search for Ciphers and lo and behold, I see I can change the configuration easily to not use CBC mode. Nice. Time to edit sshd_config and ssh_config. Here's what I added to each file:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256
Restart the daemon. Done. No need to panic. I then take a little time to look around for an OpenSSH advisory on it and I came across this http://www.openssh.com/txt/cbc.adv looks like the awesome people at OpenSSH came to the same conclusion as I did, nothing to panic about.
POSTED BY NIGEL HOUGHTON AT 11:08 AM