Design flaw in OpenSSH, fixed in 5.2

A design flaw in OpenSSH has been found. With a one in 262,144 chance of success, a man-in-the-middle attack could render data in plaintext. The issue is not caused by a coding error, but rather the RFC standard.

By re-transmitting the blocks to the server, an attacker can work out the first four bytes of corresponding plaintext. The attacker can do this by counting how many bytes the attacker sends until the server generates an error message and tears down the connection, then working backwards to deduce what was in the OpenSSH encryption field before encryption.

A work around is included in version 5.2, which is not yet in Debian stable. Other distros would also be affected.


Leave a Reply

Your email address will not be published. Required fields are marked *