Ubuntu 9.04 and 9.10 have a backported patch to make the chances for a successful attack even smaller:
openssh (1:5.1p1-5) unstable; urgency=low
* Backport from upstream CVS (Markus Friedl):
- packet_disconnect() on padding error, too. Should reduce the success
probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18.
Marking the 9.10 task as "Won't fix" (and added 9.04 for completeness). Added 8.10 task and will backport the packet_disconnect() patch with the next 8.10 openssh security update.
For those that want to address this fully, from http://www.openssh.com/txt/cbc.adv:
"AES CTR mode and arcfour ciphers are not vulnerable to this attack at
all. These may be preferentially selected by placing the following
directive in sshd_config and ssh_config:
Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc"
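As an added check (my own example, not code from this bug thread or from OpenSSH), the script below reads the Ciphers directive from an sshd_config or ssh_config text and reports whether CBC ciphers are listed ahead of the CTR/arcfour ciphers the advisory names; the sample configs are constructed, and the config parsing only approximates OpenSSH's own.

```python
import re

# Cipher names the openssh.com advisory quoted above says are not vulnerable
# (CTR mode and arcfour). Anything ending in "-cbc" is a CBC-mode cipher.
NOT_VULNERABLE = {"aes128-ctr", "aes192-ctr", "aes256-ctr",
                  "arcfour", "arcfour128", "arcfour256"}


def parse_ciphers(config_text):
    """Return the list from the last 'Ciphers' directive, or None when the
    file has no such directive (OpenSSH's compiled-in default then applies).
    '#' comments and both 'Key value' and 'Key=value' forms are accepted."""
    ciphers = None
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "ciphers":
            ciphers = [c.strip().lower() for c in parts[1].split(",") if c.strip()]
    return ciphers


def classify_cipher_order(config_text):
    """Classify a config against the advisory's recommendation:
    'no-directive'  : no Ciphers line, so the compiled-in order is used
    'cbc-free'      : no CBC cipher offered at all
    'ctr-preferred' : a CTR/arcfour cipher precedes every CBC cipher (advisory fix)
    'cbc-preferred' : a CBC cipher is listed ahead of all non-vulnerable ciphers"""
    ciphers = parse_ciphers(config_text)
    if ciphers is None:
        return "no-directive"
    cbc_positions = [i for i, c in enumerate(ciphers) if c.endswith("-cbc")]
    if not cbc_positions:
        return "cbc-free"
    safe_positions = [i for i, c in enumerate(ciphers) if c in NOT_VULNERABLE]
    if safe_positions and safe_positions[0] < cbc_positions[0]:
        return "ctr-preferred"
    return "cbc-preferred"


# Constructed sample configs (not taken from any real host).
WEAK_CONFIG = "Port 22\nCiphers aes128-cbc,3des-cbc,aes128-ctr  # CBC first\n"
ADVISORY_CONFIG = "Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc\n"
STRICT_CONFIG = "Ciphers aes256-ctr,aes128-ctr\n"

if __name__ == "__main__":
    for name, cfg in [("weak", WEAK_CONFIG), ("advisory", ADVISORY_CONFIG),
                      ("strict", STRICT_CONFIG)]:
        print(f"{name}: {classify_cipher_order(cfg)}")
```

Run it over ssh_config as well as sshd_config: SSH negotiation takes the first cipher in the client's list that the server also offers, so the client-side order decides which cipher is actually used.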