Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Plaintext Recovery Attack Against OpenSSH (4.7p1) SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Plaintext Recovery Attack Against OpenSSH (4.7p1)

This morning we've received a couple emails and a post in our IRC channel (#dshield on concerning a Plaintext Recovery Attack against OpenSSH.  Specifically version 4.7p1, which is quite old.


From the article:

"If exploited, this attack can potentially allow an attacker to
recover up to 32 bits of plaintext from an arbitrary block of
ciphertext from a connection secured using the SSH protocol in
the standard configuration. If OpenSSH is used in the standard
configuration, then the attacker's success probability for
recovering 32 bits of plaintext is 2^{-18}. A variant of the
attack against OpenSSH in the standard configuration recovers 14
bits of plaintext with probability 2^{-14}. The success probability
of the attack for other implementations of SSH is not known."

Here's a link to the article itself:  here.  So that you may read at your leisure.

Here's a link to OpenSSH's Security Page: here.

The current version of OpenSSH is 5.1, and it's been out since July.  So make sure you are patched by running "ssh -V" on the command line.

I just did it on my OSX Machine and I am running 5.1p1. 


-- Joel Esler



454 Posts
Nov 18th 2008
Is this the same issue as reported against SSH Communications commercial Tectia product?
Yes, it appears to be the same one.

423 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!