|To:||"R. Steve McKown" <rsmckown,AT,yahoo,DOT,com>|
|Subject:||Re: CRC32 - thoughts on Gutmann response|
|From:||Ori Pessach <mail,AT,oripessach,DOT,com>|
|Date:||Thu, 25 Sep 2003 12:49:50 -0600|
|References:||<email@example.com> <firstname.lastname@example.org> <email@example.com>|
The ssh exploit relies on an established ssh connection into which an attacker injects a packet that the server processes via the shell process connected to the session's socket. The exploit doesn't allow directly for packets to be decryptable by the attacker; it doesn't need to since it need not 'see' server response data to execute an arbitrary command. Since CIPE tunnels IP packets "router to router", wouldn't the exploit have to inject a complete TCP packet would successfully be injected into an established TCP connection terminating at an application that could then be exploited? This sounds *hard*, since the exploit doesn't allow the attacker to view plaintext packets to try to find an existing TCP session within the tunnel to hijack.
It seems attacking management packets is more likely to be doable. Gutmann alluded to key weakness in 3DES and IDEA, but since we use Blowfish (don't most of us anymore?) I can't make the connection here. Also, I'm not sure how readily 16 bytes of known plaintext can be determinable in these packets.
I'm not suggesting that CIPE is not vulnerable; there seems ample evidence to show changes are warranted. What I'm trying to understand is the level of exposure, which for me translates into how long I can/should allow my customers to continue to use CIPE before making a change (either to a revised CIPE or something else).