[23184] in bugtraq

Re: Analysis of SSH crc32 compensation attack detector exploit

daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon Nov 19 16:10:46 2001

To: Dave Dittrich <dittrich@cac.washington.edu>
Cc: BUGTRAQ@securityfocus.com
From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>
Date: 19 Nov 2001 14:30:36 +0100
Message-ID: <tg6686yjk3.fsf@mercury.rus.uni-stuttgart.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

(nobody) writes:

> Dave Dittrich <dittrich@cac.washington.edu> writes:
> 
> > The analysis has been updated to reflect this, and the script
> > modified somewhat.  The most recent version can be found at:
> > 
> > 	http://staff.washington.edu/dittrich/misc/ssh-analysis.txt

On some architectures, otherwise vulnerable SSH 1.2.2x versions are
not vulnerable because word16 and word32 are the same data type
(UNICOS/mk on Cray T3E appears to be in this category; the same is
probably true for a few other supercomputers).

-- 
Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
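
An added illustration, not part of the message above and not SSH source code, of why the width of word16 decides the outcome, assuming the flaw is a table size computed in a word32 and then stored in a word16. Only the word16/word32 type names come from the message; the function names, the starting size and the growth factor are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define MIN_ENTRIES 4096u   /* assumed starting table size, in entries */

/* Grow by factors of four, in 32-bit arithmetic, until the table holds
 * at least `needed` entries (the guard stops before the shift can wrap). */
static uint32_t grow(uint32_t needed)
{
    uint32_t l = MIN_ENTRIES;
    while (l < needed && l <= UINT32_MAX / 4)
        l <<= 2;
    return l;
}

/* word16 is really 16 bits wide: the store keeps only the low 16 bits. */
uint32_t entries_narrow(uint32_t needed)
{
    uint16_t n = (uint16_t)grow(needed);
    return n;
}

/* word16 and word32 are the same type: the stored size is the computed size. */
uint32_t entries_same_type(uint32_t needed)
{
    uint32_t n = grow(needed);
    return n;
}

/* Defensive form for the narrow case: reject a size the type cannot hold. */
int entries_checked(uint32_t needed, uint16_t *out)
{
    uint32_t l = grow(needed);
    if (l > UINT16_MAX)
        return -1;
    *out = (uint16_t)l;
    return 0;
}

int main(void)
{
    uint32_t needed = 20000;   /* constructed input that forces growth to 65536 */
    uint16_t n = 0;
    printf("same type : %u entries\n", (unsigned)entries_same_type(needed));
    printf("16-bit n  : %u entries\n", (unsigned)entries_narrow(needed));
    printf("checked   : %s\n", entries_checked(needed, &n) ? "rejected" : "accepted");
    return 0;
}
```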
