Protocol implementation errors

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Oct 7 11:42:21 EDT 2003


Markus Friedl <markus at openbsd.org> writes:
>On Sat, Oct 04, 2003 at 05:58:49PM +1200, Peter Gutmann wrote:
>> We've already seen half the
>> SSH implementations in existence taken out by the SSH malformed-packet
>> vulnerabilities,
>
>I don't think so.

According to the CERT advisory, roughly half of all known SSH implementations
are vulnerable (some of the vendor statements are a bit ambiguous), and the
number would have been higher if it weren't for the fact that several of the
non-vulnerable implementations share the OpenSSH code base (there are a number
of implementations not in the advisory, but we can take it as being a
representative sample).

The reason I appear to be defending ASN.1 here is that there seems to be an
irrational opposition to it from some quarters (I've had people who wouldn't
recognise ASN.1 if they fell over it tell me with complete conviction that
it's evil and has to be eradicated because... well just because).  I don't
really care about the religious debate one way or the other, I'm just stating
that from having used almost all of the bit-bagging formats (starting with PGP
1.0) for quite a number of years, ASN.1 is the one I feel the most comfortable
with in terms of being able to process it safely.

Incidentally, if anyone wants to look for holes in ASN.1 data in the future,
I'd be really interested in seeing what you can do with malformed X.509 and
S/MIME data.

Peter (who's going to look really embarrassed if the NISCC test suite finds
       problems in his ASN.1 code :-).

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


