SSH Communications Secure Shell/IPSEC Express Toolkit RSA Signature Forgery Vulnerability

Published: 2003-06-30
Updated: 2003-07-10

Affected systems:
SSH Communications Security SSH2 3.2.4
SSH Communications Security SSH2 3.2.3
SSH Communications Security SSH2 3.2.2
SSH Communications Security SSH2 3.2.1
SSH Communications Security SSH2 3.2
SSH Communications Security SSH2 3.1.7
SSH Communications Security SSH2 3.1.6
SSH Communications Security SSH2 3.1.5
SSH Communications Security SSH2 3.1.4
SSH Communications Security SSH2 3.1.3
SSH Communications Security SSH2 3.1.2
SSH Communications Security SSH2 3.1.1
SSH Communications Security SSH2 3.1
SSH Communications Security IPSEC Express Toolkit 5.0.0
Unaffected systems:
SSH Communications Security SSH2 3.2.5
SSH Communications Security SSH2 3.1.8
SSH Communications Security IPSEC Express Toolkit 5.1.1
Description:
BUGTRAQ  ID: 8094

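SSH Secure Shell and SSH IPSEC Express Toolkit are implementations of encrypted communication protocols.

Some RSA signatures are not verified correctly when the certificates contained in host or user authentication data are validated. A remote attacker can exploit this vulnerability to forge a signature and gain unauthorized access to a host.

Incorrect error reporting in the code can cause some invalid RSA signatures to be accepted as valid. As a result, an attacker who does not hold the RSA private key can forge a signature knowing only the corresponding public key. In practice, however, forging a signature is difficult. To succeed, the attacker must construct a buffer that resembles a real signature in at least 68 significant bits; that is, after the RSA public-key exponentiation is performed on the signature buffer, the resulting buffer must contain valid PKCS v1.5 padding and ASN.1 structure. Otherwise the signature is correctly declared invalid and verification fails.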
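A strict form of the check described above, as an added example (not the vendor's code and not part of the original advisory): the verifier rebuilds the only valid PKCS #1 v1.5 block and compares it whole, so there is no intermediate parsing error that can go unreported. The toy key built from two Mersenne primes, SHA-256 as the hash, and all function names are assumptions made for the demo.

```python
import hashlib
import hmac

# Constructed toy key for the demo only: two Mersenne primes (insecure by design).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

# DER-encoded DigestInfo header for SHA-256 (RFC 8017, section 9.2).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def modulus_len(n: int) -> int:
    return (n.bit_length() + 7) // 8


def expected_block(message: bytes, k: int) -> bytes:
    """The one valid encoding: 00 01 FF..FF 00 || DigestInfo || hash."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def raw_private_op(block: bytes, n: int, d: int) -> bytes:
    """RSA private-key operation on an already encoded block (test helper)."""
    return pow(int.from_bytes(block, "big"), d, n).to_bytes(modulus_len(n), "big")


def sign(message: bytes, n: int, d: int) -> bytes:
    return raw_private_op(expected_block(message, modulus_len(n)), n, d)


def verify(message: bytes, signature: bytes, n: int, e: int) -> bool:
    """Accept only if the recovered block equals the expected block byte for byte."""
    k = modulus_len(n)
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    # Single decision point: no intermediate parser status that could be dropped.
    return hmac.compare_digest(recovered, expected_block(message, k))
```

Because the comparison covers the full block, a buffer that carries a correct header and hash but shortened padding or trailing bytes is rejected along with every other mismatch.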

<*Source: SSH vendor
  
  Link: http://www.ssh.com/company/newsroom/article/454/
*>

Recommendation:
Vendor patch:

SSH Communications Security
---------------------------
The vendor has released upgrade patches that fix this security issue. Download them from the vendor's home page:

SSH Communications Security SSH2 3.1:

SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations
http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers
http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers
http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html

SSH Communications Security SSH2 3.1.1:

SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations
http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers
http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers
http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html

SSH Communications Security SSH2 3.1.2:

SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations
http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers
http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers
http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html

SSH Communications Security SSH2 3.1.3:

SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations
http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers
http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers
http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html

SSH Communications Security SSH2 3.1.4:

SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations
http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers
http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers
http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html

SSH Communications Security SSH2 3.1.5:

SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations
http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers
http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers
http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html

SSH Communications Security SSH2 3.1.6:

SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations
http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers
http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers
http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html

SSH Communications Security SSH2 3.1.7:

SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations
http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers
http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html

SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers
http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html

SSH Communications Security SSH2 3.2:

SSH Communications Security Upgrade Secure Shell 3.2.5 for Workstations
http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-2.html

SSH Communications Security Upgrade Secure Shell 3.2.5 for Servers
http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-2.html

SSH Communications Security Upgrade Secure Shell 3.2.5 for Windows Servers
http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-2.html

SSH Communications Security Upgrade SSHSecureShellClient-3.2.5.exe
ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.5.exe
For non-commercial users.

SSH Communications Security SSH2 3.2.1:

SSH Communications Security Upgrade Secure Shell 3.2.5 for Workstations
http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-2.html

SSH Communications Security Upgrade Secure Shell 3.2.5 for Servers
http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-2.html

SSH Communications Security Upgrade Secure Shell 3.2.5 for Windows Servers
http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-2.html

SSH Communications Security Upgrade SSHSecureShellClient-3.2.5.exe
ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.5.exe
For non-commercial users.

SSH Communications Security SSH2 3.2.2:

SSH Communications Security Upgrade Secure Shell 3.2.5 for Workstations
http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-2.html

SSH Communications Security Upgrade Secure Shell 3.2.5 for Servers
http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-2.html

SSH Communications Security Upgrade Secure Shell 3.2.5 for Windows Servers
http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-2.html

SSH Communications Security Upgrade SSHSecureShellClient-3.2.5.exe
ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.5.exe
For non-commercial users.

SSH Communications Security SSH2 3.2.3:

SSH Communications Security Upgrade Secure Shell 3.2.5 for Workstations
http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-2.html

SSH Communications Security Upgrade Secure Shell 3.2.5 for Servers
http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-2.html

SSH Communications Security Upgrade Secure Shell 3.2.5 for Windows Servers
http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-2.html

SSH Communications Security Upgrade SSHSecureShellClient-3.2.5.exe
ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.5.exe
For non-commercial users.

SSH Communications Security SSH2 3.2.4:

SSH Communications Security Upgrade Secure Shell 3.2.5 for Workstations
http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-2.html

SSH Communications Security Upgrade Secure Shell 3.2.5 for Servers
http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-2.html

SSH Communications Security Upgrade Secure Shell 3.2.5 for Windows Servers
http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-2.html

SSH Communications Security Upgrade SSHSecureShellClient-3.2.5.exe
ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.5.exe
For non-commercial users.

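This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.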