Bugtraq: Proposed "solution" is ugly workaround, in fact [Re: severe error in SSH session key recovery patch]

From: Pavel Machek <pavel_at_UCW.CZ>
Date: Sun, 18 Feb 2001 18:13:43 +0100

Hi!

> > 1) {
> > 2) static time_t last_kill_time = 0;
> > 3) if (time(NULL) - last_kill_time > 60 && getppid() != 1)
> > 4) {
> > 5) last_kill_time = time(NULL);
> > 6) kill(SIGALRM, getppid());
> > 7) }
> > 8) fatal("Bad result from rsa_private_decrypt");
> > 9) }
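
Review bot: on line 6 the arguments to kill() are in the wrong order. The prototype is kill(pid_t pid, int sig), so `kill(SIGALRM, getppid())` sends signal number getppid() to the process whose pid equals the value of SIGALRM instead of sending SIGALRM to the parent. Swap them to `kill(getppid(), SIGALRM)` and check the return value, since line 8 calls fatal() right afterwards and a failed signal would otherwise go unnoticed. Lines 3 and 5 also read time(NULL) twice; reading it once into a local keeps the comparison and the stored timestamp consistent.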

This looks more like an ugly workaround than a proper fix to me. If
an attacker can do 400*60 requests per second, he can still decrypt
the private key.

The solution would be to reconfig after a number of _attempts_, not
time. Plus, it is still racy, as it uses kill().

What about an attacker doing 400*3600 requests before the kill actually
reaches the parent?

                                                                 Pavel

--
I'm pavel_at_ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss_at_linmodems.org
Received on Feb 20 2001
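
The point made in the message above (regenerate the key after a number of attempts rather than after a time interval), as an added C example that is not part of the original message or of the SSH patch: it counts how many failed decrypts a single key answers under each policy. The function names, the clock origin, the failure rates and the budget of 50 are constructed for illustration.

```c
#include <stdio.h>

/* Added illustration: all names and numbers are hypothetical, not from the SSH patch. */

/* Time-based policy, as in the quoted code: a failure triggers a key
 * regeneration only if more than `interval` seconds passed since the last one. */
static unsigned long worst_exposure_time(long rate, long seconds, long interval)
{
    long last_regen = 0, start = 1000;    /* constructed clock origin */
    unsigned long on_key = 0, worst = 0;

    for (long now = start; now < start + seconds; now++) {
        for (long i = 0; i < rate; i++) {
            on_key++;                     /* one more failed decrypt answered */
            if (on_key > worst) worst = on_key;
            if (now - last_regen > interval) {
                last_regen = now;
                on_key = 0;               /* fresh key, fresh count */
            }
        }
    }
    return worst;
}

/* Count-based policy: regenerate after `budget` failures, whatever the time. */
static unsigned long worst_exposure_count(long rate, long seconds, unsigned long budget)
{
    unsigned long on_key = 0, worst = 0;

    for (long t = 0; t < seconds; t++) {
        for (long i = 0; i < rate; i++) {
            on_key++;
            if (on_key > worst) worst = on_key;
            if (on_key >= budget)
                on_key = 0;               /* budget spent: replace the key */
        }
    }
    return worst;
}

int main(void)
{
    long rates[] = { 100, 1000 };         /* constructed failure rates per second */
    for (int i = 0; i < 2; i++)
        printf("rate %ld/s: time-based %lu, count-based %lu\n", rates[i],
               worst_exposure_time(rates[i], 300, 60),
               worst_exposure_count(rates[i], 300, 50));
    return 0;
}
```

Under the time-based policy the number of failures one key absorbs grows with the request rate, while the count-based policy keeps it at the budget regardless of rate.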