SSH Communications Secure Shell/IPSEC Express Toolkit RSA签名可伪造漏洞发布时间:2003-06-30 更新时间:2003-06-30 严重程度:高 威胁程度:欺骗 错误类型:设计错误 利用方式:服务器模式 BUGTRAQ ID:8094 受影响系统 SSH Communications Security IPSEC Express Toolkit 5.0 .0详细描述 SSH Communications Secure Shell和IPSEC Express Toolkit存在漏洞,可导致攻击者在不需要RSA私钥的情况下伪造RSA签名。这包含用于主机或用户验证的签名。不过此漏洞必须难于利用,并且需要暴力猜测。 测试代码 尚无 解决方案 补丁下载: SSH Communications Security SSH2 3.1: SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html SSH Communications Security SSH2 3.1.1: SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html SSH Communications Security SSH2 3.1.2: SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html SSH Communications Security SSH2 3.1.3: SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html SSH Communications Security SSH2 3.1.4: SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html SSH Communications Security SSH2 3.1.5: SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html SSH Communications Security SSH2 3.1.6: SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html SSH Communications Security SSH2 3.1.7: SSH Communications Security Upgrade Secure Shell 3.1.8 for Workstations http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Servers http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-1.html SSH Communications Security Upgrade Secure Shell 3.1.8 for Windows Servers http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-1.html SSH Communications Security SSH2 3.2: SSH Communications Security Upgrade Secure Shell 3.2.5 for Workstations http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-2.html SSH Communications Security Upgrade Secure Shell 3.2.5 for Servers http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-2.html SSH Communications Security Upgrade Secure Shell 3.2.5 for Windows Servers http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-2.html SSH Communications Security Upgrade SSHSecureShellClient-3.2.5.exe ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.5.exe For non-commercial users. SSH Communications Security SSH2 3.2.1: SSH Communications Security Upgrade Secure Shell 3.2.5 for Workstations http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-2.html SSH Communications Security Upgrade Secure Shell 3.2.5 for Servers http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-2.html SSH Communications Security Upgrade Secure Shell 3.2.5 for Windows Servers http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-2.html SSH Communications Security Upgrade SSHSecureShellClient-3.2.5.exe ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.5.exe For non-commercial users. SSH Communications Security SSH2 3.2.2: SSH Communications Security Upgrade Secure Shell 3.2.5 for Workstations http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-2.html SSH Communications Security Upgrade Secure Shell 3.2.5 for Servers http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-2.html SSH Communications Security Upgrade Secure Shell 3.2.5 for Windows Servers http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-2.html SSH Communications Security Upgrade SSHSecureShellClient-3.2.5.exe ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.5.exe For non-commercial users. SSH Communications Security SSH2 3.2.3: SSH Communications Security Upgrade Secure Shell 3.2.5 for Workstations http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-2.html SSH Communications Security Upgrade Secure Shell 3.2.5 for Servers http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-2.html SSH Communications Security Upgrade Secure Shell 3.2.5 for Windows Servers http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-2.html SSH Communications Security Upgrade SSHSecureShellClient-3.2.5.exe ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.5.exe For non-commercial users. SSH Communications Security SSH2 3.2.4: SSH Communications Security Upgrade Secure Shell 3.2.5 for Workstations http://www.ssh.com/support/downloads/secureshellwks/updates-and-packages-3-2.html SSH Communications Security Upgrade Secure Shell 3.2.5 for Servers http://www.ssh.com/support/downloads/secureshellserver/updates-and-packages-3-2.html SSH Communications Security Upgrade Secure Shell 3.2.5 for Windows Servers http://www.ssh.com/support/downloads/secureshellwinserver/updates-and-packages-3-2.html SSH Communications Security Upgrade SSHSecureShellClient-3.2.5.exe ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.5.exe For non-commercial users. 相关信息 参考:http://www.ssh.com/company/newsroom/article/454/ |
