[21772] in bugtraq

home help back first fref pref prev next nref lref last post

Re: URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0

daemon@ATHENA.MIT.EDU (Thomas Roessler)
Mon Jul 23 11:59:21 2001

Date: Mon, 23 Jul 2001 17:42:12 +0200
From: Thomas Roessler <roessler@does-not-exist.org>
To: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Cc: BUGTRAQ@securityfocus.com, customer.service@ssh.com
Message-ID: <20010723174212.A2219@sobolev.does-not-exist.org>
Mail-Followup-To: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>,
	BUGTRAQ@SECURITYFOCUS.COM, customer.service@ssh.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="+QahgC5+KEYLbs62"
Content-Disposition: inline
In-Reply-To: <tg3d7pfl0s.fsf@mercury.rus.uni-stuttgart.de>

--+QahgC5+KEYLbs62
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2001-07-22 10:03:31 +0200, Florian Weimer wrote:

>A quick glance at the source code suggests that SSH 2.3.0 and=20
>2.4.0 have the same problem.  Is this true?

I suppose we are talking about this section of ssh 2.4.0's
sshunixuser.c:

   940
   941	  /* Authentication is accepted if the encrypted passwords are ident=
ical. */
   942	#ifdef HAVE_HPUX_TCB_AUTH
   943	  return strncmp(encrypted_password, correct_passwd,
   944	                 strlen(correct_passwd)) =3D=3D 0;
   945	#else /* HAVE_HPUX_TCB_AUTH */
   946	  return strcmp(encrypted_password, correct_passwd) =3D=3D 0;
   947	#endif /* HAVE_HPUX_TCB_AUTH */

If I read this correctly, it's certainly not a problem unless ssh is=20
compiled with HAVE_HPUX_TCB_AUTH defined.  In that case, it may or=20
may not be a problem.

--=20
Thomas Roessler                        http://log.does-not-exist.org/

--+QahgC5+KEYLbs62
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)

iQEVAwUBO1xF1NImKUTOasbBAQKt/gf/cCyWpS+lsV5WE/C3sLqu2ZGzxvaYZWHr
Oz2VDvmdRt21zDq/jCUHF4n7HjZFSfJtn+o4Ow7zo/qvPMjQ81vorGmnuBwu9NHp
+NiRSdngNY/PKzN2o8y8Yd8pW0XDenUT3a1S+sdbT1vCRJFl8E67EE+Wff92yKqs
WLb3TWJzPZndoJFeaaTvSGnpBxbKji0KEUmbWQZwgGiRbaGlqRBuFldlXLmAz0iT
Wwb2O9IxYa3obfqi+yndoS5bcnR0MId7Z4PLaNxL9UkSfsL6WAaQFdCUDWx6t0zw
2ALXLP1kuqx62pA0lPcnlU+CAfqJ0fqVOFTdOzRcTUxS5RDkySZ/xg==
=UzVv
-----END PGP SIGNATURE-----

--+QahgC5+KEYLbs62--
home help back first fref pref prev next nref lref last post