PKCS #1 Version 1.5 Session Key Retrieval Vulnerability
Solution:
SSH.com recommends that all users of the SSH1 protocol package upgrade to a revision using the SSH2 protocol with version 1 compatibility.
This patch has been provided by Core SDI:
--- rsaglue.c Wed Jan 17 11:42:52 2001
+++ rsaglue.c Tue Feb 13 16:05:33 2001
@@ -264,8 +264,10 @@
mpz_clear(&aux);
if (value[0] != 0 || value[1] != 2)
+ {
+ kill(getppid(),SIGALRM);
fatal("Bad result from rsa_private_decrypt");
-
+ }
for (i = 2; i < len && value[i]; i++)
;
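Review bot: The added kill(getppid(),SIGALRM) in the bad-padding branch assumes the parent of this process is the listening sshd that owns the server key. Nothing in the hunk checks that, and the return value of kill() is ignored. If this code can run where the parent is some other process, the signal goes to the wrong target and the key is never regenerated. Suggest guarding the call with whatever condition identifies a forked connection child, logging a failed kill(), and adding a comment that says the signal is there to force server key regeneration after a failed decrypt. Also confirm rsaglue.c includes the headers that declare kill(), getppid() and SIGALRM; the hunk does not show them.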
--- sshd.c Wed Jan 17 11:42:53 2001
+++ sshd.c Tue Feb 13 16:05:15 2001
@@ -757,9 +757,11 @@
RETSIGTYPE key_regeneration_alarm(int sig)
{
+ static time_t last_keygen_time=0;
/* Check if we should generate a new key. */
- if (key_used)
- {
+ if (key_used && (time(NULL) - last_keygen_time > 60))
+ {
+ last_keygen_time = time(NULL);
/* This should really be done in the background. */
log_msg("Generating new %d bit RSA key.", options.server_key_bits);
random_acquire_light_environmental_noise(&sensitive_data.random_state);
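Review bot: The new condition key_used && (time(NULL) - last_keygen_time > 60) discards any regeneration request that arrives within 60 seconds of the previous one instead of deferring it. In the visible lines nothing records that a request was skipped or reschedules it, so a key flagged after a failed decrypt stays in use until a later alarm arrives. Suggest setting a pending flag or re-arming the alarm for the remainder of the interval when the throttle fires. The 60 should be a named constant with a comment explaining why the limit exists. Since the comparison uses wall-clock time, a backwards clock step lengthens the window; either handle a negative difference explicitly or note the assumption.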
Cisco users should contact the Technical Assistance Centre for patching/upgrading information.
Cisco IOS 12.1YC
Cisco IOS 12.1XR
- Cisco IOS 12.1(5)XR2
- Cisco IOS 12.1(5)YD2
Cisco IOS 12.1E
Cisco IOS 12.1XD
Cisco IOS 12.1XQ
Cisco IOS 12.1XJ
Cisco IOS 12.0S
Cisco IOS 12.1EX
Cisco IOS 12.1XI
Cisco IOS 12.1XS
Cisco IOS 12.2XE
Cisco IOS 12.1T
Cisco IOS 12.1XV
Cisco IOS 12.1XA
Cisco IOS 12.2XD
Cisco IOS 12.1YA
Cisco IOS 12.1YD
Cisco IOS 12.1YB
Cisco IOS 12.1EZ
Cisco IOS 12.1XG
Cisco IOS 12.2XQ
Cisco IOS 12.1XM
Cisco IOS 12.1YF
Cisco IOS 12.1XU
Cisco IOS 12.1XC
Cisco IOS 12.2
Cisco IOS 12.1XY
Cisco IOS 12.1XL
Cisco IOS 12.2XH
Cisco IOS 12.1XT
Cisco IOS 12.1XF
Cisco IOS 12.1XH
Cisco IOS 12.1EC
Cisco IOS 12.1EY
Cisco IOS 12.1XP
OpenSSH OpenSSH 1.2.3
SSH Communications Security SSH 1.2.31
OpenSSH OpenSSH 2.1
OpenSSH OpenSSH 2.1.1
Cisco PIX Firewall 5.2 (5)
- Cisco PIX Firewall 5.2(6)
Cisco PIX Firewall 5.3 (1)
- Cisco PIX Firewall 5.3(2)