There is an information integrity vulnerability in the SSH1 protocol that allows the last block of an IDEA-encrypted session to be modified without notice.
Session is encrypted using IDEA cipher.
Attackers can modify the last block of an SSH packet encrypted with IDEA.
Disable the IDEA cipher with SSH1.
SSH Communications Security
The CERT/CC thanks Antti Huima, Tuomas Aura, and Janne Salmi for their analysis and Tatu Ylonen for bringing this vulnerability to our attention.
This document was written by Jeffrey P. Lanza.
|Date First Published:||2001-01-18|
|Date Last Updated:||2002-03-05 20:23 UTC|