oss-sec mailing list archives

Re: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client

From: Qualys Security Advisory <qsa () qualys com>
Date: Mon, 10 Mar 2025 12:01:20 +0000

Hi Buherátor, all,

On Thu, Mar 06, 2025 at 10:15:08PM +0100, Buherátor wrote:

I also gave this a shot and came up with this query that uses
data-flow tracking and also uses StackVariableReachability as
suggested by Jordy.
I also wrote (much) about the development process to help tweaking the
query further:


Wow, this is amazing, and your write-up is a gem, thank you so much for
working on all this and for sharing it!

Just thinking out loud, but would it somehow be possible to continuously
run Jordy's and/or Buherátor's CodeQL queries to prevent the
reappearance of such issues?

Maybe someone from CodeQL or GitHub Security Lab could chime in or help
with this? Again, just thinking out loud.

Thank you very much! With best regards,

-- 
the Qualys Security Advisory team

Current thread:

MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Qualys Security Advisory (Feb 18)
- Re: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Solar Designer (Feb 21)
  - Re: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Dmitry Belyavskiy (Feb 24)
    - Re: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Solar Designer (Feb 24)
    - Re: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Dmitry Belyavskiy (Feb 24)
- <Possible follow-ups>
- Re: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Jordy Zomer (Feb 21)
  - Re: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Qualys Security Advisory (Feb 21)
    - Re: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Buherátor (Mar 06)
    - Re: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client Qualys Security Advisory (Mar 10)