Vulnerability Note VU#958563
SSH CBC vulnerability
A vulnerability in the way SSH implementations handle packets encrypted in CBC mode may allow an attacker to recover up to 32 bits of plaintext from an arbitrary block of ciphertext.
The Secure Shell (SSH) is a network protocol that creates a secure channel between two networked devices so that data can be exchanged. SSH encrypts this channel with a negotiated cipher, commonly a block cipher in Cipher Block Chaining (CBC) mode. In CBC mode each plaintext block is XORed with the previous ciphertext block before it is encrypted, so every ciphertext block depends on the block before it; SSH carries this chaining state across packet boundaries.
SSH implementations contain a vulnerability in the way certain decryption errors are handled. In the SSH binary packet protocol the 32-bit packet_length field is carried in the first encrypted block of each packet, so a receiver decrypts that block, uses the length it finds there to decide how many further bytes to read, and verifies the MAC only once the whole packet has arrived. An attacker who can inject data into the connection can replay a ciphertext block observed earlier as the first block of a new packet; whether the receiver rejects the length field immediately, or first reads the indicated number of bytes and only then fails the MAC check, reveals the decrypted length field, which is the first 32 bits of the target block's plaintext XORed with two ciphertext blocks the attacker has already seen. The decrypted length has to pass the implementation's sanity checks for all 32 bits to leak (for OpenSSH the reported success probability of a single attempt is about 2^-18, with 14 bits recoverable with probability about 2^-14), and every attempt, successful or not, leads to the loss of the SSH session. According to CPNI Vulnerability Advisory SSH:
An attacker may be able to recover up to 32 bits of plaintext from an arbitrary block of ciphertext.
We are currently unaware of a practical solution to this problem.
Workaround: use CTR mode. Configure clients and servers to prefer CTR mode ciphers (for example aes128-ctr, aes192-ctr or aes256-ctr, set through the Ciphers directive in OpenSSH's ssh_config and sshd_config) and remove the -cbc ciphers from the negotiable list. The attack depends on CBC chaining: the same replayed block decrypted under CTR yields keystream bits at the current position, which say nothing about the target plaintext. Because the negotiated cipher is the first entry in the client's list that the server also supports, removing CBC from either side's list is enough for connections between those two parties.
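The following is an added simulation of the mechanism described above, not code from the vulnerability note, CPNI, or any affected vendor. It models a CBC-mode SSH receiver that decrypts the first block, trusts the packet_length field it finds there, and checks the MAC only after reading that many bytes, then runs the replay attack against it. The block cipher is a deliberately trivial stand-in (XOR with the key, then swap the halves) so the example runs on the Python standard library; the attack code never touches the cipher or the key, so the cipher's weakness plays no role. The keys, the secret payload, the 256 KiB packet_length limit borrowed from OpenSSH's sanity check, and DEMO_IV (picked so that this one attempt passes that check; a real attacker gets that with probability around 2^-18 per attempt) are all constructed for the demo. Running it with an all-zero IV shows the far more common outcome: the length is rejected up front and the session dies without the leak.

```python
"""Toy model of the SSH CBC plaintext-recovery attack described in VU#958563."""
import hashlib
import hmac
import struct

BLOCK = 16                # block size of the toy cipher (same as AES)
MAC_LEN = 16
MAX_PACKET = 256 * 1024   # OpenSSH-style upper bound on packet_length (assumed for the toy receiver)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# Toy block cipher: XOR with the key, then swap the two 8-byte halves. It is not
# secure and only stands in for AES so the demo runs on the standard library;
# the attack below never touches the cipher or the key.
def block_encrypt(key, block):
    t = xor(block, key)
    return t[8:] + t[:8]


def block_decrypt(key, block):
    return xor(block[8:] + block[:8], key)


def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def build_packet(payload):
    """RFC 4253 binary packet: uint32 packet_length, byte padding_length, payload, padding."""
    pad = BLOCK - (5 + len(payload)) % BLOCK
    if pad < 4:
        pad += BLOCK
    body = bytes([pad]) + payload + bytes(pad)
    return struct.pack(">I", len(body)) + body


def mac(mac_key, seq, packet):
    return hmac.new(mac_key, struct.pack(">I", seq) + packet, hashlib.sha256).digest()[:MAC_LEN]


class CbcReceiver:
    """Decrypts the first block, trusts its length field to decide how much more to
    read, and verifies the MAC only after the whole packet has arrived."""

    def __init__(self, enc_key, mac_key, iv):
        self.enc_key, self.mac_key, self.prev, self.seq = enc_key, mac_key, iv, 0

    def receive(self, stream):
        """Consume one packet from `stream`; return (verdict, bytes consumed before the verdict)."""
        plain = xor(block_decrypt(self.enc_key, stream[:BLOCK]), self.prev)
        (length,) = struct.unpack(">I", plain[:4])
        if length < 5 or length > MAX_PACKET or (length + 4) % BLOCK:
            return "bad packet length", BLOCK          # connection dropped immediately
        need = 4 + length
        prev, packet = self.prev, bytearray()
        for i in range(0, need, BLOCK):
            block = stream[i:i + BLOCK]
            packet += xor(block_decrypt(self.enc_key, block), prev)
            prev = block
        tag = stream[need:need + MAC_LEN]
        if not hmac.compare_digest(tag, mac(self.mac_key, self.seq, bytes(packet))):
            return "bad mac", need + MAC_LEN          # dropped only after reading the whole packet
        self.prev, self.seq = prev, self.seq + 1
        return "ok", need + MAC_LEN


def attack(receiver, target, before_target, chaining):
    """Replay an observed ciphertext block as the start of a new packet and read the
    32-bit length field off the receiver's behaviour. Uses no key material."""
    flood = target + bytes(MAX_PACKET + MAC_LEN)   # keep pushing filler until the peer closes
    verdict, consumed = receiver.receive(flood)
    if verdict != "bad mac":
        return verdict, None                        # length rejected up front: the usual outcome
    length_field = struct.pack(">I", consumed - MAC_LEN - 4)
    # decrypted first block = D(target) XOR chaining = P_target XOR before_target XOR chaining
    return verdict, xor(xor(length_field, before_target[:4]), chaining[:4])


DEMO_IV = bytes(8) + bytes([0x16, 0x08, 0x09, 0x34]) + bytes(4)   # chosen so this one attempt passes the length check


def demo(iv=DEMO_IV):
    enc_key, mac_key = bytes(range(0x10, 0x20)), b"m" * 16   # constructed demo keys
    packet = build_packet(b"password: hunter2")                # constructed secret
    cipher = cbc_encrypt(enc_key, iv, packet)
    rx = CbcReceiver(enc_key, mac_key, iv)
    assert rx.receive(cipher + mac(mac_key, 0, packet)) == ("ok", len(cipher) + MAC_LEN)
    # The attacker recorded `cipher` and targets its second block; the receiver's
    # CBC state is the last block it accepted, which is that same block here.
    verdict, recovered = attack(rx, cipher[16:32], cipher[:16], cipher[16:32])
    return verdict, recovered, packet[16:20]


if __name__ == "__main__":
    print(demo())            # ('bad mac', b'unte', b'unte'): 32 bits recovered, session lost
    print(demo(bytes(16)))   # ('bad packet length', None, b'unte'): attempt failed, session lost
```

The recovery step is pure XOR over values on the wire: the receiver's decryption of the replayed block is the target plaintext XORed with the block that preceded the target and with the receiver's current chaining block, both of which the attacker saw. Under CTR mode the same replay decrypts to the replayed ciphertext XORed with keystream for the current position, which carries no information about the target, and the length-before-MAC structure of the receiver no longer helps the attacker.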
Systems Affected

Vendor                             Status     Date Notified   Date Updated
Bitvise                            Affected   07 Nov 2008     24 Nov 2008
FiSSH                              Affected   07 Nov 2008     24 Nov 2008
Icon Labs                          Affected   07 Nov 2008     24 Nov 2008
OpenSSH                            Affected   07 Nov 2008     24 Nov 2008
OSSH                               Affected   07 Nov 2008     24 Nov 2008
PuTTY                              Affected   07 Nov 2008     05 Jan 2009
Redback Networks, Inc.             Affected   07 Nov 2008     24 Nov 2008
SSH Communications Security Corp   Affected   07 Nov 2008     24 Nov 2008
TTSSH                              Affected   07 Nov 2008     24 Nov 2008
VanDyke Software                   Affected   07 Nov 2008     12 Jan 2009
Wind River Systems, Inc.           Affected   07 Nov 2008     24 Nov 2008
Thanks to CPNI for reporting this vulnerability.
This document was written by Chris Taschner.
- CVE IDs: Unknown
- Date Public: 14 Nov 2008
- Date First Published: 24 Nov 2008
- Date Last Updated: 12 Jan 2009
- Severity Metric: 0.30
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.