Re: MitM attack against OpenSSH’s VerifyHostKeyDNS-enabled client – Full Disclosure
Posted by Jordy Zomer on Feb 27
Hey all,
First of all, cool findings! I’ve been working on the CodeQL query and have a revised version that I think improves
accuracy and might offer some performance gains (though I haven’t done rigorous benchmarking). The key change is the
use of `StackVariableReachability` and making sure that there’s a path where `var` is not reassigned before taking a
`goto _;`. Ran it on an older database, found some of the same bugs…