Several protocols which implement the digital enveloping method, described in version 1.5 of the PKCS #1 standard, are susceptible to an adaptive ciphertext attack. This allows the recovery of session keys, thus compromising the integrity of the data transmitting during that session. The data encryption techniques described in RSA's PKCS #1 standard are used in many protocols which rely on, at least in part, the security provided by public-key cryptography systems.
Classification
Unknown or Incomplete
Technical
It is possible for a remote attacker to decrypt and/or alter traffic via an attack on PKCS#1 version 1.5 knows as a Bleichenbacher attack. OpenSSH up to version 2.3.0, AppGate, and SSH Communications Security ssh-1 up to version 1.2.31 have the vulnerability present, although it may not be exploitable due to configurations.
For a more detailed explanation on the Bleichenbacher attack, please read CERT VU 888801 and CERT VU 997481.
Solution
Upgrade to the latest version of SSH software and disable the SSH 1 protocol.
