BugTraq
yet another OpenSSH timing leak? Oct 09 2006 10:33AM
Marco Ivaldi (raptor 0xdeadbeef info) (1 replies)
Re: yet another OpenSSH timing leak? Oct 09 2006 10:41PM
Gianluca Varisco (giangy techtemple org)
Marco Ivaldi wrote:
> It needs expect, and target ssh hostkey must be already added. I'd be
> very interested in knowing the results of tests performed on other
> distros and configurations.
>

Hi Marco,

nice to meet you :-). I tried to do this test over my 10 Mbps LAN and
this is the result:

giangy@thor:~/dev$ ./sshtime calipso users.txt

a@calipso real 9.55
root@calipso real 9.33 <- valid user with shell
wheel@calipso real 10.44
giangy@calipso real 9.49
cdrom@calipso real 9.68
burning@calipso real 9.47
mysql@calipso real 9.35
operator@calipso real 9.59 <- valid user with shell
test@calipso real 9.51 <- valid user with shell

Another test:

a@calipso real 9.37
root@calipso real 9.90 <- valid user with shell
wheel@calipso real 10.66
giangy@calipso real 9.41
cdrom@calipso real 9.30
burning@calipso real 10.30
mysql@calipso real 9.47
operator@calipso real 10.21 <- valid user with shell
test@calipso real 10.98 <- valid user with shell
daemon@calipso real 7.14
abcd@calipso real 7.20

"root", "operator" and "test" are valid users with a valid shell
enabled. I made this test on Slackware 11.0 (fresh installation) with
OpenSSH_4.4p1. I used the default sshd_config (see
http://slackware.osuosl.org/slackware-current/source/n/openssh/ for more
information about the package). So, I didn't receive any timing leak in
this session.

I'll try other distributions and configurations where possible. However,
good work Marco :-).

Best Regards,

Gianluca Varisco
