[12977] in bugtraq
Re: sshd1 allows unencrypted sessions regardless of server policy
daemon@ATHENA.MIT.EDU (David Schwartz)
Wed Dec 15 19:18:24 1999
Message-Id: <000801bf4743$e8502290$021d85d1@youwant.to>
Date: Wed, 15 Dec 1999 13:32:37 -0800
Reply-To: David Schwartz <davids@WEBMASTER.COM>
From: David Schwartz <davids@WEBMASTER.COM>
X-To: Joseph Moran <jmoran@IPASS.NET>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.BSF.4.10.9912150058510.498-100000@gwydion.null>

> That aside, this hole could be useful in a situation where Party A wants
> to help Party B compromise a system without leaving a paper trail. Party
> A trojans an ssh client binary, Innocent Bystander C does an ssh
> connection somewhere, and Party B sniffs the cleartext traffic. No
> evidence to point to Party B. If instead Party A trojaned the binary to
> send Party B a carbon-copy, and a white hat could extract this, then Party
> B is implicated.
>
> jm

Nonsense. He could just as easily trojan ssh to broadcast the encryption
key. If he can sniff the cleartext traffic, he can sniff the key. The point
stands -- a server cannot protect you against a client compromise.

DS