Message-ID: <56111.1759117813@cvs.openbsd.org>
Date: Sun, 28 Sep 2025 21:50:13 -0600
From: "Theo de Raadt" <deraadt@...nbsd.org>
To: Damien Miller <djm@...drot.org>
cc: "Adiletta, Andrew" <ajadiletta@....edu>, Solar Designer <solar@...nwall.com>, "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>, "openssh@...nssh.com" <openssh@...nssh.com>, "Tol, Caner" <mtol@....edu>, "Sunar, Berk" <sunar@....edu>, "Doroz, Yarkin" <ydoroz@....edu>, "Todd C. Miller" <Todd.Miller@...rtesan.com>, "pgut001@...auckland.ac.nz" <pgut001@...auckland.ac.nz>
Subject: Re: [EXT] Re: CVE-2023-51767: a bogus CVE in OpenSSH

Damien Miller <djm@...drot.org> wrote:
> On Sun, 28 Sep 2025, Adiletta, Andrew wrote:
>
> > Theo,
> >
> > Even after two years we stand behind our paper and the contributions
> > as outlined. There is nothing more natural for any vulnerability
> > researcher to evaluate the most widely used products. If we had doubts
> > about the claim or any of the POCs, we would have simply not included
> > them in the paper.
>
> Again, the POCs were not against OpenSSH but your modified version and
> you did not demonstrate any of the techniques that you suppose could
> have been used to make the attack viable against the unmodified product.
> Your abstract therefore clearly overstates the extent of your work.
>
> The fact that someone filed this CVE based on your paper demonstrates
> that it is misleading.

I don't think the CVE was filed because of the misleading abstract.

Rather, it was due to the misleading contents saying that OpenSSH is vulnerable, with a large amount of effort shown, and text explaining it. Many readers will finish reading without understanding how extremely artificial the demonstration is.

So to refresh -- OpenSSH is not vulnerable, but the paper says it is.

Downstream OpenSSH in Redhat, Debian, Cisco routers, etc etc are also not vulnerable to the artificial demonstrator.

The claims about other methods lack proof. Demonstrate those methods working, or retract the claims.

OpenSSH was probably not chosen as an example because it is widely used, but because of the strong academic reputation to be collected from publishing a viable attack against OpenSSH..... except such an attack is not actually demonstrated.

Many of us understand the zeal to explain single-bit flips against in-memory variables with value 0/1 versus the benefit of variables with greater bit-spread, but the bogus OpenSSH side-study is a distraction which should not have landed in this paper.

Andrew, I think your proposal to change the abstract is not sufficient. I think the paper needs a retraction of all the claims against OpenSSH; alternatively you could complete a demonstration of those described theoretical methods working against a real, unmodified OpenSSH, exploit it and become righteously famous.

At the moment, you are becoming famous for doing this wrong.
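The message above contrasts 0/1 flags with variables of "greater bit-spread" as a defence against single-bit faults. The following is an added illustration of that design point, not code from the email, the paper, or OpenSSH: it measures how many bit flips separate a rejecting state value from the accepting one for a narrow 0/1 encoding and for a constructed wide sentinel encoding (the sentinel constants are arbitrary values chosen for this example).

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example: two encodings of an "authenticated" state.
 * Narrow: classic flag, 0 = rejected, 1 = accepted.
 * Wide: a 32-bit sentinel means accepted; its complement means rejected,
 * and any other value is treated as rejected (fail closed). */
#define AUTH_OK_NARROW 1u
#define AUTH_NO_NARROW 0u
#define AUTH_OK_WIDE   0x5A3C96E1u  /* arbitrary sentinel for this example */
#define AUTH_NO_WIDE   0xA5C3691Eu  /* bitwise complement of AUTH_OK_WIDE */

/* Hamming distance: the minimum number of bit flips that turn a into b. */
unsigned flips_needed(uint32_t a, uint32_t b) {
    uint32_t x = a ^ b;
    unsigned n = 0;
    while (x) { n += x & 1u; x >>= 1; }
    return n;
}

/* Return 1 if flipping exactly one bit of `from` yields `to`, else 0. */
int single_flip_reaches(uint32_t from, uint32_t to) {
    for (int bit = 0; bit < 32; bit++)
        if ((from ^ (1u << bit)) == to) return 1;
    return 0;
}

/* Acceptance check for the wide encoding: only the exact sentinel passes,
 * so a single fault on the accepting value degrades to a rejection. */
int wide_accepts(uint32_t state) { return state == AUTH_OK_WIDE; }

int main(void) {
    printf("narrow: one flip reaches OK? %d (distance %u)\n",
           single_flip_reaches(AUTH_NO_NARROW, AUTH_OK_NARROW),
           flips_needed(AUTH_NO_NARROW, AUTH_OK_NARROW));
    printf("wide:   one flip reaches OK? %d (distance %u)\n",
           single_flip_reaches(AUTH_NO_WIDE, AUTH_OK_WIDE),
           flips_needed(AUTH_NO_WIDE, AUTH_OK_WIDE));
    printf("wide sentinel with one bit flipped accepted? %d\n",
           wide_accepts(AUTH_OK_WIDE ^ 0x00000100u));
    return 0;
}
```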