Message-ID: <20250310120048.GA17485@localhost.localdomain>
Date: Mon, 10 Mar 2025 12:01:20 +0000
From: Qualys Security Advisory <qsa@...lys.com>
To: Buherátor <buherator@...il.com>
CC: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client

Hi Buherátor, all,

On Thu, Mar 06, 2025 at 10:15:08PM +0100, Buherátor wrote:
> I also gave this a shot and came up with this query that uses
> data-flow tracking and also uses StackVariableReachability as
> suggested by Jordy.
> I also wrote (much) about the development process to help tweaking the
> query further:

Wow, this is amazing, and your write-up is a gem, thank you so much for
working on all this and for sharing it!

Just thinking out loud, but would it somehow be possible to continuously
run Jordy's and/or Buherátor's CodeQL queries to prevent the
reappearance of such issues?

Maybe someone from CodeQL or GitHub Security Lab could chime in or help
with this? Again, just thinking out loud.

Thank you very much! With best regards,

-- 
the Qualys Security Advisory team
