Date: Fri, 27 Feb 2015 10:11:36 -0500
From: Daniel Kahn Gillmor <>
To: Florent Daigniere <>,
Subject: dropbear and PuTTY missing DHE sanity checks  [was: Re: CVE request: RFC 4253 section 8 wooes]

On Fri 2015-02-27 06:59:57 -0500, Florent Daigniere wrote:

> RFC 4253 section 8 describes how the Diffie-Hellman exchange is done in
> SSH... It mandates a few sanity bound-checks (for both the values of
> exponents and exponentials) that some implementations are not doing...
> Can you please assign three CVEs for the following bugs?
> MATTA-2015-002 PuTTY
> will be fixed in the upcoming release (0.64 I think)
> - The exponential is not checked for trivial values
> MATTA-2015-001 Dropbox
                 ^^^^^^^ I'm pretty sure you mean dropbear here, based
                         on the links below.
> fixed in:
> - The exponential is not checked for all trivial values (it just does
> what the RFC mandates, which is clearly not enough!)
> - The exponent picked might be a trivial value (this is theoretical more
> than anything else assuming the CSPRNG is working). It's a regression
> from 0.49
> (
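
The checks the thread refers to, as an added example that is not code from the thread or from either project: the RFC 4253 section 8 bound checks on the exchanged values and on the private exponent, plus a stricter order-q subgroup check that goes beyond the RFC's bound check. The group P, Q, G is a constructed toy safe-prime group for the demonstration, not a real SSH group.

```python
import secrets

# Constructed toy group for the demonstration only: a safe prime p = 2q + 1
# with a generator of the order-q subgroup (real SSH groups are 1024+ bits).
P = 1907
Q = 953
G = pow(2, 2, P)  # squaring guarantees G lies in the order-q subgroup


def check_exponential(e: int, p: int, q: int) -> bool:
    """Validate a peer's public value (e from the client, f from the server).

    RFC 4253 section 8 mandates 1 < e < p-1, which rejects 0, 1 and p-1,
    the values that make the shared secret a constant.  That bound check
    alone still accepts values outside the order-q subgroup, so we also
    require e^q mod p == 1 (full public-value validation for a safe prime).
    """
    if not (1 < e < p - 1):
        return False
    return pow(e, q, p) == 1


def check_exponent(x: int, q: int) -> bool:
    """RFC 4253 section 8 wants the private exponent in the range 1 < x < q."""
    return 1 < x < q


def generate_exponent(q: int) -> int:
    """Draw a private exponent, redrawing if it would be a trivial value."""
    while True:
        x = secrets.randbelow(q)
        if check_exponent(x, q):
            return x


def shared_secret(peer_value: int, x: int, p: int, q: int) -> int:
    """Compute K = peer_value^x mod p, refusing a peer value that fails validation."""
    if not check_exponential(peer_value, p, q):
        raise ValueError("peer DH exponential rejected by sanity check")
    return pow(peer_value, x, p)


if __name__ == "__main__":
    x = generate_exponent(Q)           # client side
    y = generate_exponent(Q)           # server side
    e, f = pow(G, x, P), pow(G, y, P)  # exchanged public values
    assert shared_secret(f, x, P, Q) == shared_secret(e, y, P, Q)
    for bad in (0, 1, P - 1, P, 2):    # 2 is outside the subgroup since P % 8 == 3
        print(bad, check_exponential(bad, P, Q))
```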