That is a very interesting find to me personally. System and Software Security is something I have great interest in. I am a security advisor in a datacenter in the UK. However the article http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt says this is a very severe attack although the possibility of a sucessful attack is Very low. But you can never be too careful about these things.
Software vendors may be getting more technicologically advanced but so are exploit coders. For example PHP addslashes() was added to stop SQL Injection exploits by adding a slash to every quotation. Attackers realised PHP didnt parse HEX code but mySQL Server did. This makes me wonder if The posibility of an attack using this vulnerability is fairly high rather than low.
On Tue, May 19, 2009 at 5:49 PM, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote:
If y'all see an ssh session dropping constantly (like, 11356 times :) let
me know.
http://www.openssh.com/txt/cbc.adv
-Mike
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
--
Keiran Smith
- Fedora Ambassador / BugZapper - <affix@xxxxxxxxxxxxxxxxx>
- Free Software Foundation Associate - <keiran.smith@xxxxxxxxxxxxxx>
- http://keiran-smith.net
- Call me on +44 (0) 131 208 4347
_______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
