Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Analysis of SSH crc32 compensation attack detector exploit
From: Florian Weimer <Florian.Weimer () RUS Uni-Stuttgart DE>
Date: 19 Nov 2001 14:30:36 +0100

(nobody) writes:

Dave Dittrich <dittrich () cac washington edu> writes:

The analysis has been updated to reflect this, and the script
modified somewhat.  The most recent version can be found at:

    http://staff.washington.edu/dittrich/misc/ssh-analysis.txt

On some architectures, otherwise vulnerable SSH 1.2.2x versions are
not vulnerable because word16 and word32 are the same data type
(UNICOS/mk on Cray T3E appears to be in this category, the same is
probably true for a few other supercomputers.)

-- 
Florian Weimer                    Florian.Weimer () RUS Uni-Stuttgart DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault