Full Disclosure: Re: OpenSSH Security Advisory: gcmrekey.adv

Re: OpenSSH Security Advisory: gcmrekey.adv

From: yersinia <yersinia.spiros () gmail com>
Date: Sat, 9 Nov 2013 09:59:06 +0100

On Fri, Nov 8, 2013 at 7:47 PM, coderman <coderman () gmail com> wrote:

surprised not a peep about this one here yet,... hmmm
  a fun one ;)

we are accustomed to old software adding risk;
 new (secondary effects of combined AUTH+ENC modes)
   also carries risk!


Well know possibility, yes. In any case the problem is well know
everywhere already

https://security-tracker.debian.org/tracker/CVE-2013-4548
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4548

Best

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

OpenSSH Security Advisory: gcmrekey.adv coderman (Nov 08)
- Re: OpenSSH Security Advisory: gcmrekey.adv yersinia (Nov 09)
- Re: OpenSSH Security Advisory: gcmrekey.adv CERT OPS Marienfeldt (Nov 09)
  - Re: OpenSSH Security Advisory: gcmrekey.adv coderman (Nov 08)
- <Possible follow-ups>
- Re: OpenSSH Security Advisory: gcmrekey.adv Harry Hoffman (Nov 09)
  - Re: OpenSSH Security Advisory: gcmrekey.adv Bob Man Van Kim (Nov 09)
    - Re: OpenSSH Security Advisory: gcmrekey.adv coderman (Nov 09)