oss-sec mailing list archives

Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH


From: "Theo de Raadt" <deraadt () openbsd org>
Date: Sun, 28 Sep 2025 09:30:38 -0600

Adiletta, Andrew <ajadiletta () wpi edu> wrote:

> As far as SSH is concerned there are ways to handle synchronization (we outline them
> in the paper). The POC concept we present in the paper should be acceptable to anybody
> who is fluent in the Rowhammer/microarch attack literature.

I disagree.  I believe your simulation is fake.

> There are numerous results
> where the target is slowed down to solve synchronization. We don't brush aside or hide
> the synchronization issue in the paper but discuss it explicitly.

Then why don't you produce exactly such a synchronization without any source code
changes, in any actual distribution build system??

It's not that you brush or hide; it is that you overplay the seriousness by
providing an entirely synthetic example.

Unless your document is amended, non-astute readers in the future will
read this as "serious OpenSSH problem" instead of "entirely synthetic
and fake demonstration".

I think you made a mistake choosing OpenSSH as a demonstration target
for reputational benefit, that hand-waving about realistic attacks when
you didn't execute one, and I'm calling you out for what is effectively
academic malpractice.
