Plaintext recovery attack in SSH, discovered by CPNI?

Eygene Ryabinkin rea-fbsd at codelabs.ru
Wed Nov 19 05:21:01 PST 2008


Good day.

Just came across the following list in the oss-security list:
  http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

People are saying that this vulnerability was tested for Debian's ;))
OpenSSH 4.7p1, but they generally believe that any RFC-compliant
implementation should have this if CBC mode is used.  The advisory says
that CTR mode is safe, but I see that at least FreeBSD's OpenSSH
(OpenSSH_5.1p1) still uses various ciphers in the CBC mode as the
preferential ones.  Perhaps we should just change the default
ciphersuites order?

So, it is interesting what OpenSSH developers can tell about this:
I had seen no words about this at http://openssh.org/security.html
and release notes, so if you can -- please, comment on this.

Thanks!
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual   
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook 
    {_.-``-'         {_/            #
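
The reordering proposed in the message above matters because, under RFC 4253 section 7.1, the negotiated cipher is the first name on the client's list that the server also supports. The sketch below is an added example, not part of the original message or of OpenSSH; the cipher lists are constructed samples and the helper names (parse_ciphers, negotiate, prefer_ctr, audit) are hypothetical.

```python
# Added example: RFC 4253 section 7.1 cipher selection, showing how the
# order of a "Ciphers" list decides whether CBC or CTR is negotiated.

def parse_ciphers(line):
    """Parse an ssh_config/sshd_config style 'Ciphers a,b,c' line."""
    parts = line.split(None, 1)
    if len(parts) == 2 and parts[0].lower() == "ciphers":
        line = parts[1]
    return [c.strip() for c in line.split(",") if c.strip()]

def negotiate(client, server):
    """Return the first cipher on the client's list the server supports."""
    supported = set(server)
    for name in client:
        if name in supported:
            return name
    return None  # no common cipher: the connection would fail

def prefer_ctr(ciphers):
    """Stable reorder: CTR ciphers first, the rest kept as fallback."""
    return sorted(ciphers, key=lambda c: not c.endswith("-ctr"))

def audit(client, server):
    """Return (negotiated cipher, True if that cipher is a CBC mode)."""
    chosen = negotiate(client, server)
    return chosen, bool(chosen) and "-cbc" in chosen

# Constructed sample lists with CBC modes listed ahead of CTR modes.
CLIENT_LINE = ("Ciphers aes128-cbc,3des-cbc,blowfish-cbc,arcfour,"
               "aes128-ctr,aes192-ctr,aes256-ctr")
SERVER = ["aes128-ctr", "aes256-ctr", "aes128-cbc", "3des-cbc"]
LEGACY_SERVER = ["3des-cbc"]  # constructed: peer with no CTR support

if __name__ == "__main__":
    before = parse_ciphers(CLIENT_LINE)
    after = prefer_ctr(before)
    print("original order :", audit(before, SERVER))
    print("CTR first      :", audit(after, SERVER))
    print("CTR first, legacy peer:", audit(after, LEGACY_SERVER))
```

Reordering keeps CBC available as a fallback, so a peer without CTR support still connects but is flagged as negotiating CBC.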