[19164] in bugtraq
Re: severe error in SSH session key recovery patch
daemon@ATHENA.MIT.EDU (Robert Varga)
Mon Feb 12 21:49:41 2001
Mail-Followup-To: Robert Varga <nite@hq.alert.sk>, bugtraq@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="mxv5cy4qt+RJ9ypb"
Content-Disposition: inline
Message-Id: <20010212195756.B6592@hq.alert.sk>
Date: Mon, 12 Feb 2001 19:57:56 +0100
Reply-To: Robert Varga <nite@HQ.ALERT.SK>
From: Robert Varga <nite@HQ.ALERT.SK>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010211120739.A704@noc.untraceable.net>; from
atatat@ATATDOT.NET on Sun, Feb 11, 2001 at 12:07:39PM -0500
--mxv5cy4qt+RJ9ypb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Feb 11, 2001 at 12:07:39PM -0500, Andrew Brown wrote:
> > -- With the patch, the lifespan of the server key still does not go
> > below one minute. As mentioned in CORE SDI's advisory, the number
> > of server connections necessary to carry out the attack is
> > normally very large but "the number of connections given is for
> > the average case and specifics cases will fall below the
> > average". This suggests that is not entirely out of the question
> > for the attack to succeed within one minute. If that risk is not
> > appropriate in one's environment, then other measures (which may
> > include inetd/tcpserver but may also include desupporting use of
> > SSH protocol 1.5) are needed.
>=20
> 1) {
> 2) static time_t last_kill_time =3D 0;
> 3) if (time(NULL) - last_kill_time > 60 && getppid() !=3D 1)
> 4) {
> 5) last_kill_time =3D time(NULL);
> 6) kill(SIGALRM, getppid());
> 7) }
> 8) fatal("Bad result from rsa_private_decrypt");
> 9) }
Am I missing something ? time(NULL) returns something (other than 0, till
2036 at least ;-)), meaning (time(NULL) - last_kill_time) will we GREATER
than 60 (remeber - has higher priority wrt evaluation than >). That in turn
assigns the current system time to last_kill_time. It is declared static,
meaning it will RETAIN its value after the function returns, making the
above code work perfectly for the time being (next ~30 years).
--=20
Kind regards,
Robert Varga
---------------------------------------------------------------------------=
---
n@hq.sk http://hq.sk/~nite/gpgkey.=
txt
=20
--mxv5cy4qt+RJ9ypb
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6iDI09aKR2/T45h8RArFRAJ4kbXxBDjGvEh2l11lA0rzMrbnp9wCgtRp4
gBcAyAaCNWoBK2N3NejqhM8=
=zea4
-----END PGP SIGNATURE-----
--mxv5cy4qt+RJ9ypb--
