Flaw Made Public In OpenSSH Encryption

timothy posted more than 5 years ago | from the days-to-whom dept.

Security 231

alimo20 writes "Researchers at the Royal Holloway, University of London have discovered a flaw in Version 4.7 of OpenSSH on Debian/GNU Linux. According to ISG lead professor Kenny Patterson, an attacker has a 2^{-18} (that is, one in 262,144) chance of success. Patterson says that this is more significant than past discoveries because 'This is a design flaw in OpenSSH. The other vulnerabilities have been more about coding errors.' The vulnerability is possible by a man-in-the-middle intercepting blocks of encrypted material as it passes. The attacker then re-transmits the data back to the server and counts the number of bytes before the server throws error messages and disconnects the attacker. Using this information, the attacker can work backwards to figure out the first 4 bytes of data before encryption. 'The attack relies on flaws in the RFC (Request for Comments) internet standards that define SSH,' said Patterson. ... 'Patterson said that he did not believe this flaw had been exploited in the wild, and that to deduce a message of appreciable length could take days.'"


im (-1, Troll)

Anonymous Coward | more than 5 years ago | (#28043629)

I'm sure it's not an issue on /. unless of course m$ owned it

Re:im (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#28043943)

The bitches own it now. The religious snatches and other shills whote with safe, pithy posts devoid of all risk and individuality. It's no coincidence that certain readers submit 80% of the articles and the highest-scoring of the first few posts.

Occasionally some Slashdot readers earnestly earn excellent karma but are able to form enough of their own opinion to post controversial and dangerous words which make the bitchboys uncomfortable. The pusillanimous maintain a shitlist with those whose views run counter to their own or whose words encourage uncomfortable but rational discussion.

The bitchboys, armed with karma from years of whoring as well as strength in numbers forged by religious groupthink, whine and complain to slashdot admins until the admins have little choice but to "cheat" -- that is, to censure the deviants and malcontents who dare express opinions which run counter to the status quo.

The bitchboys rule slashdot. Enjoy your safe, sterile conversation kids!

Nooooooooo! (0)

Anonymous Coward | more than 5 years ago | (#28043665)

Theo?

Re:Nooooooooo! (0)

Anonymous Coward | more than 5 years ago | (#28044335)

OpenSSH is broke'd, ya see?

Re:Nooooooooo! (0)

Anonymous Coward | more than 5 years ago | (#28044593)

Again!?

Old version = old news (5, Informative)

Anonymous Coward | more than 5 years ago | (#28043689)

OpenSSH 5.2 was released in February already which has builtin countermeasures against this form of "attack." Next.

Re:Old version = old news (2, Informative)

Thornburg (264444) | more than 5 years ago | (#28043819)

I agree. I just checked all the machines I have immediate access to, and they are all on 5.1. Why does a vulnerability in 4.7 matter?

Re:Old version = old news (1)

characterZer0 (138196) | more than 5 years ago | (#28043863)

Does 5.1 include the countermeasures?

It sounds like many versions of many implementations are vulnerable. OpenSSH 4.7 in Debian was just the one they used to test it.

Re:Old version = old news (5, Informative)

FunPika (1551249) | more than 5 years ago | (#28044153)

I think it is all below 5.2 according to http://openssh.com/security.html [openssh.com] .

Re:Old version = old news (1)

drawfour (791912) | more than 5 years ago | (#28044147)

If they're on 5.1, they may be vulnerable. The parent to your post said that 5.2 was released in February, which contains the fix. He didn't say if that's the first version that has the fix or not, but if it is, then your 5.1 is still vulnerable.

Re:Old version = old news (4, Informative)

againjj (1132651) | more than 5 years ago | (#28044163)

5.1 does not have the countermeasures. 5.2 does. Upgrade.

Though, while the leaked information is significant, the chance at getting it is tiny, so the risk is small.

Re:Old version = old news (1)

neoform (551705) | more than 5 years ago | (#28044905)

Where can I get an rpm of 5.2? All my repos don't have it.. :(

Re:Old version = old news (4, Informative)

Hurricane78 (562437) | more than 5 years ago | (#28045365)

eix-sync && emerge -auDNtv world && echo "Yay :D"

Re:Old version = old news (1)

buchner.johannes (1139593) | more than 5 years ago | (#28045131)

What if you have 262144 machines?

Or what if you do a ssh-rsync backup every day? I mean the attacker has the time ...

That is not unrealistic.
Furthermore, the risk is unknown, as it is also determined by the value of your data, not only by the likelihood of a successful attack.

Re:Old version = old news (4, Funny)

Prof.Phreak (584152) | more than 5 years ago | (#28044423)

O_o

$ ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003

Re:Old version = old news (1)

Tubal-Cain (1289912) | more than 5 years ago | (#28044907)

What distro are you using?

Re:Old version = old news (0)

Anonymous Coward | more than 5 years ago | (#28045405)

I get the exact same thing on my CentOS 4.6 and RHE WS 4 boxes. I can't be bothered to upgrade or patch anything.

Re:Old version = old news (4, Insightful)

againjj (1132651) | more than 5 years ago | (#28044129)

The interesting part here is that more details have been released about what the flaw actually was. Before, it was merely "there is a flaw, and we have notified vendors", but now more details are available. In particular, that while 5.2 has countermeasures, it is a flaw in the protocol itself, and not the implementation. "Countermeasure" does not equal "completely solved".

Re:Old version = old news (1)

RajivSLK (398494) | more than 5 years ago | (#28044399)

The attacker then re-transmits the data back to the server and counts the number of bytes before the server throws error messages and disconnects the attacker.

This seems easily fixable. Have the server wait a random amount of time (say between 1 and 5 seconds) before throwing an error and disconnecting. During the "wait" period the server would continue to accept data and simply pipe it to /dev/null.

Patterson said that he did not believe this flaw had been exploited in the wild, and that to deduce a message of appreciable length could take days.

True, but a username/password string is a pretty short message.

Re:Old version = old news (1)

Simetrical (1047518) | more than 5 years ago | (#28045061)

This seems easily fixable. Have the server wait a random amount of time (say between 1 and 5 seconds) before throwing an error and disconnecting. During the "wait" period the server would continue to accept data and simply pipe it to /dev/null.

Then you wait five seconds between each byte you send. You could also say the server should accept a random number of bytes before giving the error, but that's still only going to slow an attacker down. Just keep submitting the same string over and over, and if you know the distribution of the number of extra bytes accepted, you can figure out to arbitrarily high probability which byte was really responsible for the error. Just check the average byte number rejected after a hundred tries, say, and then subtract however many extra bytes the server will add on average.

Re:Old version = old news (4, Insightful)

dave562 (969951) | more than 5 years ago | (#28044705)

It may be the "old" version, but it is the version most readily available. I set up an Ubuntu server (9.04) a couple of months ago. I used apt to get OpenSSH on it last month. The version it retrieved is

OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007

Just because a new version is out doesn't mean people are using it. People who rely on package maintainers or "the community" to help them out and keep things up to date could very well be let down. Moral of the story, if you want something done right, you have to do it yourself.

Re:Old version = old news (3, Insightful)

sirsnork (530512) | more than 5 years ago | (#28044889)

Why? Given the now public nature of this and the fact that there are countermeasures, how long do you think it will be until an updated package is available for Debian and all its children projects?

I'm guessing a few days to a week before these countermeasures are patched into Debian's version. The whole point of distributions is that keeping every piece of software up to date manually on even a single Linux box is an arduous task at best.

Re:Old version = old news (1, Informative)

Anonymous Coward | more than 5 years ago | (#28044949)

Debian and Ubuntu frequently backport fixes rather than upgrade package versions, although in this case the date is listed as Oct 2007 and it might be infeasible to backport a fix if it requires major design changes.

Re:Old version = old news (1)

asdf7890 (1518587) | more than 5 years ago | (#28045071)

If that is the case, then they have updated recently.

Ubuntu/Jaunty (9.04) on my netbook reports the openssh-server package in the standard repo to be 5.1pl-5ubuntu1. Debian/Lenny (5.0, current "stable") shows 5.1p1-5 also. Hopefully an update to 5.2 is coming soon, though 5.2 isn't even in Sid (unstable) yet, so maybe not. Then again, they may have back-ported the changes for this issue instead of upgrading to the full point release. That sort of thing does sometimes happen.

The package in Etch ("oldstable", still very common as Lenny was only promoted to stable a short while ago) is still 4.3p2-9etch3 and I doubt that will get upgraded unless the attack is practically useful.

Ubuntu LTS? (0)

Anonymous Coward | more than 5 years ago | (#28044783)

Which version is "1:4.7p1-8ubuntu1.2" in Ubuntu's nomenclature?

Launchpad page says "Published on 2008-05-14" which doesn't give me warm fuzzies.
https://launchpad.net/ubuntu/hardy/+source/openssh/1:4.7p1-8ubuntu1.2 [launchpad.net]

Re:Old version = old news (1)

le_lotus_604 (752411) | more than 5 years ago | (#28045127)

waiting for Apple's fix in 7 months

Good Thing (5, Funny)

neoform (551705) | more than 5 years ago | (#28043691)

Whew. Glad I use Telnet.

ZOMG TEH LUNIX!!! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#28044697)

"Lunix is teh safer"

LOLZ!

Re:Good Thing (0)

Anonymous Coward | more than 5 years ago | (#28044899)

Whew. Glad I use Telnet.

hahaha XD

Not much of a threat... (0)

WED Fan (911325) | more than 5 years ago | (#28043721)

...as we know, it's only a threat if people use the OS in question.

Re:Not much of a threat... (2, Interesting)

.sig (180877) | more than 5 years ago | (#28043765)

Anyone else remember when Unix was the usual target, and MS/DOS the "safe" OS?

Re:Not much of a threat... (0)

Anonymous Coward | more than 5 years ago | (#28043847)

Remember when slashdot wasn't full of old fogies?

Re:Not much of a threat... (1)

cptnapalm (120276) | more than 5 years ago | (#28043919)

No.

Re:Not much of a threat... (1, Funny)

Anonymous Coward | more than 5 years ago | (#28043935)

Get off my lawn!

Re:Not much of a threat... (2, Funny)

cptnapalm (120276) | more than 5 years ago | (#28043983)

This is not your lawn. The property line clearly indicates...

wait a minute...

you are on MY LAWN!

Re:Not much of a threat... (1)

bondjamesbond (99019) | more than 5 years ago | (#28044857)

<--- who you calling old?

Re:Not much of a threat... (1)

DamageLabs (980310) | more than 5 years ago | (#28043957)

Anyone else remember when VMS was the usual target, and Unix the "safe" OS?

Re:Not much of a threat... (3, Funny)

.sig (180877) | more than 5 years ago | (#28044003)

Anyone else remember when stone tablets were the usual target, and cave drawings considered "safe"?

Re:Not much of a threat... (0)

Anonymous Coward | more than 5 years ago | (#28044249)

Anyone else remember when stone tablets were the usual target, and cave drawings considered "safe"?

Guess you never met a cave bear face to face.

Re:Not much of a threat... (5, Insightful)

morgan_greywolf (835522) | more than 5 years ago | (#28044411)

Yes. That's why we now have replaced telnet/rsh/rcp and authenticated FTP with ssh and scp, NIS with LDAP+Kerberos, /etc/shadow, authentication in NFS, support for other filesystems like CIFS, etc.

Microsoft, for their part, haven't changed all that much.

Re:Not much of a threat... (0)

Anonymous Coward | more than 5 years ago | (#28045031)

Well of course it was, and still is, a "safe" OS! Any non-networked computer is safe from remote attacks.

Re:Not much of a threat... (4, Informative)

characterZer0 (138196) | more than 5 years ago | (#28043797)

Did you read the article?

It indicates that it affects SSH in general, not only one particular implementation.

Re:Not much of a threat... (1)

xouumalperxe (815707) | more than 5 years ago | (#28045013)

Article? Even the summary would've sufficed.

SSH standard (4, Informative)

jgtg32a (1173373) | more than 5 years ago | (#28043753)

From the article it seems that it is more of a design flaw of SSH and not specifically OpenSSH

And in other news it also appears that the word "chink" is banned in the comments section.

Re:SSH standard (1)

buchner.johannes (1139593) | more than 5 years ago | (#28045157)

And in other news it also appears that the word "chink" is banned in the comments section.

Interesting. Someone should submit a story!

Re:SSH standard (0)

Anonymous Coward | more than 5 years ago | (#28045221)

what is a 'chink' and why would you ban it?

Re:SSH standard (3, Funny)

SoupGuru (723634) | more than 5 years ago | (#28045223)

Also, dude, chink is not the preferred nomenclature. Asian-American, please.

Design flaw (5, Interesting)

aaronfaby (741318) | more than 5 years ago | (#28043813)

If the flaw is in the design of SSH, wouldn't all OS's be effected? Why does this only effect Debian?

Re:Design flaw (3, Informative)

Anonymous Coward | more than 5 years ago | (#28044155)

Damnit, it's affect.

Re:Design flaw (3, Informative)

Anonymous Coward | more than 5 years ago | (#28044507)

Debian packagers, in their infinite wisdom, compile with gcc -flots-of-spurious-warnings and comment out anything that they don't understand.

They have a history of fucking up packages (including openssh).

OKay (2, Funny)

JamesP (688957) | more than 5 years ago | (#28043823)

The 2^-18 is _really_scary_

The 'first 4 bytes', not so much.

So, meh. Of course true hardcore cryptanalysts are sure to be already ditching OpenSSH or maybe piping it through GPG first.

Re:OKay (3, Informative)

characterZer0 (138196) | more than 5 years ago | (#28043895)

Being able to determine the first four bytes is what makes it 2^-18 instead of something much much smaller.

Re:OKay (1)

SanityInAnarchy (655584) | more than 5 years ago | (#28044337)

Nah, we'll just be using an up-to-date OpenSSH. On my Ubuntu boxes, it's already 5.1, whereas the tested version was 4.7.

Re:OKay (3, Informative)

Tubal-Cain (1289912) | more than 5 years ago | (#28045027)

On my Ubuntu boxes, it's already 5.1...

The fix is in 5.2

Re:OKay (2, Funny)

Anonymous Coward | more than 5 years ago | (#28044567)

The 2^-18 is _really_scary_

The 'first 4 bytes', not so much.

So, meh. Of course true hardcore cryptanalysts are sure to be already ditching OpenSSH or maybe piping it through GPG first.

Fuck gubfr onfgneqf, ebg13 vf tbbq rabhtu sbe nalbar.

captcha: rotator

Re:OKay (4, Funny)

swillden (191260) | more than 5 years ago | (#28045285)

The 2^-18 is _really_scary_

The 'first 4 bytes', not so much.

So, meh. Of course true hardcore cryptanalysts are sure to be already ditching OpenSSH or maybe piping it through GPG first.

Fuck gubfr onfgneqf, ebg13 vf tbbq rabhtu sbe nalbar.

Allow me to translate:

$ echo "Fuck gubfr onfgneqf, ebg13 vf tbbq rabhtu sbe nalbar." | caesar
Shpx those bastards, rot13 is good enough for anyone.

Wait, what? (4, Insightful)

JSBiff (87824) | more than 5 years ago | (#28043833)

". . .discovered a flaw in Version 4.7 of OpenSSH on Debian/GNU Linux."

"The attack relies on flaws in the RFC (Request for Comments) internet standards that define SSH"

So which is it, is it an implementation specific bug, which is specific to OpenSSH on Linux specifically, OpenSSH on all O/Ses, or is it a flaw in the RFC, which should make it exploitable on *all* implementations of SSH, shouldn't it? How can a flaw in the standard only be exploitable in one version of one implementation of the standard on one specific target OS?

Re:Wait, what? (1, Insightful)

Anonymous Coward | more than 5 years ago | (#28044677)

". . .discovered a flaw in Version 4.7 of OpenSSH on Debian/GNU Linux."

"The attack relies on flaws in the RFC (Request for Comments) internet standards that define SSH"

So which is it, is it an implementation specific bug, which is specific to OpenSSH on Linux specifically, OpenSSH on all O/Ses, or is it a flaw in the RFC, which should make it exploitable on *all* implementations of SSH, shouldn't it? How can a flaw in the standard only be exploitable in one version of one implementation of the standard on one specific target OS?

How can a flaw in the standard only be exploitable in one version of one implementation of the standard on one specific target OS?

Easy. Flawed standards only affect developers that follow standards. Maybe everyone else is doing something wrong.

Re:Wait, what? (1)

dave562 (969951) | more than 5 years ago | (#28044809)

Take a look at all of the uproar over Microsoft's interpretation of the ODF standard and it's pretty easy to see how different developers can take something that is "the same" and make it "different".

Re:Wait, what? (2, Insightful)

Lord Ender (156273) | more than 5 years ago | (#28045233)

Standards don't necessarily define all behavior of an application. Therefore, some versions will dance to the hacker's tune when fed bad data, while others may not.

Re:Wait, what? (2, Informative)

Jonner (189691) | more than 5 years ago | (#28045319)

This is not in the least insightful. If you read TFA, you'll see that since the flaw is in the standard specification, it does affect all implementations. The article doesn't say the flaw is only on Debian; it says that's where the flaw was found.

How vulnerable? (3, Informative)

Anonymous Coward | more than 5 years ago | (#28043851)

According to TFA, "OpenSSH version 5.2 contain[s] countermeasures". For Ubuntu users, note that Ubuntu 8.04 LTS (Hardy) is using [ubuntu.com] the vulnerable version 4.7. Versions 8.10 (Intrepid) [ubuntu.com] and above [ubuntu.com] appear to use version 5.1.

Does anyone know whether 5.1 contains the flaw and/or the "countermeasures"?

Also, can any security gurus comment on the danger level here? It sounds like there is a low-probability to access a small amount of information... but the very existence of this vulnerability makes me uncomfortable. Also, why does it mention Debian specifically? Don't most distros use an OpenSSH package based on the exact same design? Shouldn't they all be vulnerable?

Re:How vulnerable? (5, Informative)

vadim_t (324782) | more than 5 years ago | (#28044601)

That's the wrong way to check it.

Debian and Ubuntu are not going to upgrade to 5.2. They will take the security fix, backport it to 4.7, and release that as an update. If you check the version you'll get 4.7, even with the fix applied.

Re:How vulnerable? (2, Insightful)

Lord Ender (156273) | more than 5 years ago | (#28045243)

And security scanners are going to misreport the systems with backported patches as being vulnerable :-/

Wait... (1)

FunPika (1551249) | more than 5 years ago | (#28043903)

It's in Debian? But a quick look at their repositories shows that oldstable has 4.3 and stable 5.1. Unless of course they compiled

Which is it? (2, Insightful)

glwtta (532858) | more than 5 years ago | (#28043909)

So is it a flaw in the design of SSH or in the Debian patched OpenSSH implementation? If it's the former (as the quote seems to imply), why does it matter what SSH implementation, OS they found it on? Shouldn't it affect everyone?

Some Additional Perspective FTA (4, Insightful)

Fantom42 (174630) | more than 5 years ago | (#28043945)

FTA, this vulnerability is addressed in newer versions of OpenSSH, not by fixing the specification, but by employing some kind of workaround to make it impractical. I didn't know that from the summary, since I don't really keep current on where OpenSSH is with their releases.

It seems like this attack has an awfully small chance of success. I am wondering if there is that small chance of success to decode a message after many days, or if because of the small chance of success, it would take multiple days before you had anything.

If this is really something that has almost no chance of working at all--period, I'm not too worried. If it is something that makes the encryption breakable in a few days, that's a pretty big deal and am surprised that it didn't get outed sooner as a flaw.

Can/should the RFC be revised to close this hole? Are there other (perhaps more obvious) examples of weakness in the RFC that have implementation-specific fixes applied?

Why so much press on this? (5, Informative)

spinkham (56603) | more than 5 years ago | (#28043947)

This flaw was published in Nov 2008 with a simple configuration fix, and OpenSSH released a default fixed version in March 2009.
Also, this attack gives only 4 bytes of unencrypted output after crashing your session many thousands of times, which is sure to be noticed. If you were repeating the exact same network traffic in millions of SSH sessions, an attacker might get something interesting after weeks of crashing your sessions. It's just one of the lamest exploits I've seen, worth mitigating eventually, but not worth all the press it's getting, especially 6 months after release...
The fix is simple, just use CTR mode encryption instead of CBC, or upgrade to OpenSSH 5.2 or later.
For more details go to the OpenSSH security page. [openssh.com]
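
Two points from this thread, that the mitigation is to prefer CTR over CBC and that a version string says little where distributions backport fixes, both argue for checking which ciphers a configuration actually offers. The following is an added example, not code from the thread or from OpenSSH; the sample configs are constructed, and the function names and the CTR-only suggestion are assumptions.

```python
"""Flag CBC-mode ciphers in OpenSSH configuration text (added example)."""

# Assumption: a CTR-only list built from long-standing OpenSSH cipher names.
CTR_ONLY = ["aes128-ctr", "aes192-ctr", "aes256-ctr"]

# Constructed sample configurations, not taken from any real host.
SAMPLE_DEFAULTS = "# constructed sample\nPort 22\nProtocol 2\n"
SAMPLE_MIXED = (
    "# constructed sample\n"
    "Port 22\n"
    "ciphers = aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc\n"
    "Ciphers aes256-ctr\n"  # ignored: the first value for a keyword wins
)
SAMPLE_CTR = "Ciphers aes128-ctr,aes192-ctr,aes256-ctr\n"


def effective_ciphers(config_text):
    """Return the value of the first Ciphers line, or None when there is none."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; "Keyword value" and "Keyword=value" both occur.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "ciphers":
            return parts[1].strip()
    return None


def is_cbc(name):
    """True for CBC-mode names such as aes128-cbc or 3des-cbc."""
    return "-cbc" in name.lower()


def audit(config_text):
    """Classify a config as 'defaults', 'cbc-offered' or 'no-cbc'.

    'defaults' means the offered set depends on the installed build, so the
    config text alone cannot show whether CBC is on offer.
    """
    value = effective_ciphers(config_text)
    if value is None:
        return {"status": "defaults", "cbc": [],
                "suggested": "Ciphers " + ",".join(CTR_ONLY)}

    # Newer OpenSSH accepts "+", "-" and "^" prefixes that edit the default list.
    prefix = value[0] if value[0] in "+-^" else ""
    names = [n.strip() for n in value.lstrip("+-^").split(",") if n.strip()]
    cbc = [n for n in names if is_cbc(n)]

    if prefix:
        # The built-in defaults are still in play; only an added CBC name is certain.
        status = "cbc-offered" if cbc and prefix != "-" else "defaults"
        keep = CTR_ONLY
    elif cbc:
        status = "cbc-offered"
        # Keep the administrator's own order, minus the CBC entries.
        keep = [n for n in names if not is_cbc(n)] or CTR_ONLY
    else:
        status, keep = "no-cbc", names

    return {"status": status,
            "cbc": cbc if status == "cbc-offered" else [],
            "suggested": "Ciphers " + ",".join(keep)}


if __name__ == "__main__":
    for label, text in [("defaults", SAMPLE_DEFAULTS),
                        ("mixed", SAMPLE_MIXED),
                        ("ctr", SAMPLE_CTR)]:
        print(label, audit(text))
```

A `defaults` result is the case the backport comments describe: two hosts reporting the same version can differ in what they offer, so the package changelog or an explicit `Ciphers` line settles it.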

Re:Why so much press on this? (3, Interesting)

mr_mischief (456295) | more than 5 years ago | (#28044085)

Noticed? A good firewall that is updated regularly by a traffic analyzer should have a rule set to drop or deny the retransmissions after the first few. I guess we could have a philosophical debate about whether running code "notices" something when it matches a pattern and crosses a threshold to trigger a rule. "Notice" to me usually connotes sentience, or at least animal consciousness.

I'd just like to interject for a moment. (-1, Offtopic)

Clockwurk (577966) | more than 5 years ago | (#28043949)

What you're referring to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.

Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called "Linux", and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.

There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called "Linux" distributions are really distributions of GNU/Linux.

Re:I'd just like to interject for a moment. (2, Insightful)

jgtg32a (1173373) | more than 5 years ago | (#28044077)

This is a technicality that no one cares about anymore; I think even Stallman gave up on it.

Re:I'd just like to interject for a moment. (1)

woodchip (611770) | more than 5 years ago | (#28044105)

Everybody knows this. Nobody cares, except for Richard Stallman.

Re:I'd just like to interject for a moment. (0)

Anonymous Coward | more than 5 years ago | (#28044161)

I prefer to call it Linux/X/Mozilla/Alsa/KDE/QT/BSD. Fuck GNU.

Re:I'd just like to interject for a moment. (0)

Anonymous Coward | more than 5 years ago | (#28044213)

Go back to /g/.

Re:I'd just like to interject for a moment. (0)

Anonymous Coward | more than 5 years ago | (#28044239)

Give it up, Stallman. Nobody cares.

Re:I'd just like to interject for a moment. (1)

TheSunborn (68004) | more than 5 years ago | (#28044241)

Gnu/Linux is not an operating system either.

"Fedora core 11" is an operating system.

Re:I'd just like to interject for a moment. (0)

Anonymous Coward | more than 5 years ago | (#28044879)

No. They stopped calling it "Fedora Core" ages ago. "Fedora 11" is an operating system.

Re:I'd just like to interject for a moment. (0)

Anonymous Coward | more than 5 years ago | (#28044253)

It's a troll post [google.com] from 4chan (page no longer exists -> google search link).

-1 WRONG (0, Troll)

SanityInAnarchy (655584) | more than 5 years ago | (#28044839)

You've got to be fucking kidding me.

From the summary:

Researchers at the Royal Holloway, University of London have discovered a flaw in Version 4.7 of OpenSSH on Debian/GNU Linux.

I think that's an adequate description. It is the combination of Debian, and GNU, and Linux, and many other things. Try copy/paste trolling something relevant.

And of course, calling it a GNU system is unbelievably arrogant. Why should it be called GNU/Linux, and not Debian/GNU/X.org/Apache/BSD/Linux? Recall that the software in question is OpenSSH, a project from the BSD world, and most definitely not a GNU project.

Oh, by the way, the GNU system is useless without a kernel. However, a kernel can actually be useful without running any userspace software at all -- for instance, take Coreboot, formerly LinuxBIOS, which if I recall, ran entirely in kernel-space. It's also possible to make a Linux distribution that does not include GNU -- for instance, use a non-GNU libc, and Busybox, and you have a useful (if minimal) Linux operating system without GNU.

Here's a suggestion: Drop this pointless, semantic bickering, and talk about something that matters, that actually has an impact on the realities and future of Free Software. Something like DRM, or Verified Voting, or open document standards, or Web standards, or better technology -- why are people still writing so much stuff (unnecessarily) in C? -- or free software in government, or network neutrality, or the need for marketing and business people in free software.

Because right now, it just looks embarrassing. Look at the Ubuntu homepage -- it doesn't even describe itself as Ubuntu Linux. It's just Ubuntu, and if you look at the details, you may find that it's a "Linux-based operating system". And notice the complete lack of complaints from anyone in the "Linux" community? It's only a few GNU people like you who are still bitter about the fact that Linus did in a few months what GNU took years to not do -- build a working kernel.

Re:-1 WRONG (1)

haroldpatterson (1559583) | more than 5 years ago | (#28044953)

It's only a few GNU people like you who are still bitter about the fact that Linus did in a few months what GNU took years to not do -- build a working kernel.

Hey that's not fair. They will have an alpha version of Hurd ready before 2012 and the world ends. They swear this time!

To those wondering why they mention Debian (4, Informative)

cptnapalm (120276) | more than 5 years ago | (#28043963)

It is because that happened to be the system that they found the vulnerability on.

Nothing more than that, really.

Re:To those wondering why they mention Debian (0, Troll)

Anonymous Coward | more than 5 years ago | (#28045055)

Still, it is another clear indication that Linux security is not all it is made out to be. For example OS X has a better security track record than any other operating system in the world, particularly Linux.

Re:To those wondering why they mention Debian (3, Interesting)

Pretzalzz (577309) | more than 5 years ago | (#28045145)

All current versions of Debian have 5.1p1-5 as the version of openssh[testing/unstable differences are just dependency rebuilds].

The changelog for this version includes:

* Backport from upstream CVS (Markus Friedl):

- packet_disconnect() on padding error, too. Should reduce the success probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18.

This implies that older versions are more vulnerable. Not sure if this is what people are referring to as 5.2's countermeasures.

Time to break out the port knocking! (0)

Anonymous Coward | more than 5 years ago | (#28043965)

See, us weirdos who wrapped ssh inside an additional protection layer weren't being overly paranoid after all!

Re:Time to break out the port knocking! (0)

Anonymous Coward | more than 5 years ago | (#28044141)

How would port knocking help you if you are being MITM'd?

Hmm.... four bytes... (1)

tliston (669910) | more than 5 years ago | (#28044099)

Just enough to tell 'em what you think...

Re:Hmm.... four bytes... (1, Funny)

Anonymous Coward | more than 5 years ago | (#28044365)

FU!\0

Not specific to Debian ! (1)

.tom. (25103) | more than 5 years ago | (#28044107)

Obviously the flaw itself is (a) old, and (b) not specific to Debian.
The only point of (little) interest of the article is that it highlights that the SSH specifications - the RFC - has not been updated yet.

All versions from 4.7 to 5.2 are affected (2, Informative)

keeegan (1526067) | more than 5 years ago | (#28044111)

ftfa:
"The flaw, which lies in version 4.7 of OpenSSH on Debian/GNU Linux"
"Patterson said his group had worked with OpenSSH developers to mitigate the flaw, and that OpenSSH version 5.2 contained countermeasures."

They are unclear on whether or not it's only debian's repos that are affected, so I'd suggest upgrading to 5.2 or later.

YOU FAILs IT?! (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#28044217)

How to check SSH version (2, Informative)

kevink83 (1559645) | more than 5 years ago | (#28044407)

Command to determine OpenSSH version:

ssh -V

Output:

OpenSSH_5.1p1 Debian-5ubuntu1, OpenSSL 0.9.8g 19 Oct 2007

I assume if you get the same results as I did you are not affected because you are running version 5.1.

Re:How to check SSH version (2, Informative)

DeathCarrot (1133225) | more than 5 years ago | (#28045335)

FYI, 5.1 is affected. The countermeasure is in 5.2.

Gentoo seems to be up to date, both for arch and ~arch.

Need to be worried? (2, Interesting)

gmuslera (3436) | more than 5 years ago | (#28044443)

Implies man-in-the-middle already, and the odds of figuring 32 bits of a particular packet are somewhat low. The worst case I could think about is when I pass my password or a very specific short piece of data (cc number?). That particular data must be the decrypted one, and with the 1/256k odds of happening, IF I have someone in the middle actively trying to get it. With those chances, the attacker could as well spend his time playing lotto, which has more chances to win.

Of course, those numbers are regarding a specific distribution/ssh version, could be different for other versions, but still, looks somewhat hard to happen ever.

Appreciable length? (1)

Chysn (898420) | more than 5 years ago | (#28044455)

> Patterson said that he did not believe this flaw
> had been exploited in the wild, and that to
> deduce a message of appreciable length could take
> days.

Is my social security number a "message of appreciable length?"

Re:Appreciable length? (1)

profplump (309017) | more than 5 years ago | (#28045259)

Is your social security number a secret?

I understand you don't want to have it flying around, because some people use it as a secret. But it's not a secret in the first place, and there are many more likely attack vectors for your SSN than hijacking an SSH session.

Re:Appreciable length? (4, Informative)

asdf7890 (1518587) | more than 5 years ago | (#28045267)

> Patterson said that he did not believe this flaw
> had been exploited in the wild, and that to
> deduce a message of appreciable length could take
> days.

Is my social security number a "message of appreciable length?"

Probably not on its own. Fully packed it would take 33 bits, 11 bytes (88 bits, though if the attacker knew for sure that an SSN was being sent in those bytes the search space would not be significantly greater than the 33 bits) if represented in pure ASCII text with separators.

As each attempt to read each 32 bits has a 11/2^18 chance of success, and assuming failure of one attempt gives no extra clue as to which other patterns to try next, each 4 byte block is going to take on average 131,072 connections to infer from the server response, so for the 11 byte ASCII string that is an average attack length of 393,216 connections.

While that isn't going to take long (at 4.5 connections per second you are looking at a day), any message being sent containing your SSN is going to be significantly longer than the SSN on its own, so I wouldn't worry just yet.

We are still in "it would be a lot easier for the attacker to raid your bins, burgle your house, or steal records from your bank" territory here. Though there is the chance that someone improves the attack (or already has), so be vigilant and apply updated SSH packages as soon as practical once your distribution offers them.

Chick (0)

Anonymous Coward | more than 5 years ago | (#28045189)

looks like ssh has a chink in its armor

Re:Chick (0)

Anonymous Coward | more than 5 years ago | (#28045359)

Oh and he probably knows Karate Fu.

Karate Fu + Armor = Owned
