SSH Protocol 1.5 Session Key Disclosure

2001-02-07T00:00:00
ID OSVDB:729
Type osvdb
Reporter OSVDB
Modified 2001-02-07T00:00:00

Description

Vulnerability Description

The SSH protocol 1 is not secure. By capturing and logging the packets transmitted between a client and a server, an opponent could make use of a captured encrypted session key to launch a Bleichenbacher attack together with a simple timing attack. If the session key is successfully decrypted, the saved packets can easily be decrypted in a uniform manner.

Technical Description

Look for one the following versions in the SSHD banner: '1.33' '1.5' '1.99'

Solution Description

Protocol 1 should be disabled. For OpenSSH, change the 'Protocol' option to 'Protocol 2' and remove any other 'Protocol' option lines from the sshd_config file. For the Commercial SSH from ssh.com change the 'Ssh1Compatibility' option to 'no'.

Short Description

The SSH protocol 1 is not secure. By capturing and logging the packets transmitted between a client and a server, an opponent could make use of a captured encrypted session key to launch a Bleichenbacher attack together with a simple timing attack. If the session key is successfully decrypted, the saved packets can easily be decrypted in a uniform manner.

References:

ISS X-Force ID: 6082 CVE-2001-0361 CIAC Advisory: m-017 CIAC Advisory: l-047 CERT VU: 161576 Bugtraq ID: 2344