In the OpenSSH 5.2 release notes it says there are mitigations to CPNI-957037 "Plaintext Recovery Attack Against SSH", but in the latest release of OpenSSH 7.3, AES-CBC is disabled. Should AES-CBC mode not be used because of the Univ of London hack? http://www.openssh.com/txt/cbc.adv
Changes since OpenSSH 7.2
Note that CBC ciphers are disabled by default and only included for legacy compatibility.
Changes since OpenSSH 5.1
* This release changes the default cipher order to prefer the AES CTR modes and the revised "arcfour256" mode to CBC mode ciphers that are susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH".
* This release also adds countermeasures to mitigate CPNI-957037-style attacks against the SSH protocol's use of CBC-mode ciphers. Upon detection of an invalid packet length or Message Authentication Code, ssh/sshd will continue reading up to the maximum supported packet length rather than immediately terminating the connection. This eliminates most of the known differences in behaviour that leaked information about the plaintext of injected data which formed the basis of this attack. We believe that these attacks are rendered infeasible by these changes.
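The countermeasure quoted above is easier to judge with the oracle in front of you. The following is an added simulation, not OpenSSH code: it models the SSH Binary Packet Protocol receiver in CBC mode and shows why "read up to the maximum packet length" closes the leak. The attacker splices a ciphertext block captured earlier onto the connection at a packet boundary; the receiver decrypts it with the last ciphertext block as the CBC chaining value, reads the first four plaintext bytes as the packet length, and (in the 5.1 behaviour) either dies after one block or after exactly 4 + length + MAC bytes. Counting bytes until the close therefore reveals the length field, and because D(C_i) = P_i XOR C_{i-1} in CBC, that is 32 bits of the original plaintext. Assumptions made here and not taken from the page: the block cipher is a toy 4-round Feistel permutation rather than AES (so the script runs offline), the MAC is 20 bytes as with hmac-sha1, the receiver omits OpenSSH's additional block-alignment check on the length (which lowers the attack's success probability from about 2^-14 to 2^-18), the victim session is constructed sample data, and all function names (`bytes_read_before_close`, `recover_prefix`, `build_victim_session`) are hypothetical.

```python
"""Simulation of the CPNI-957037 length-field oracle in SSH CBC mode.

Added example, not OpenSSH code.  The block cipher is a toy 4-round Feistel
permutation (not AES) so the script runs offline; CBC chaining, the receiver's
packet-length handling and the attacker's arithmetic are what is demonstrated.
The victim traffic is constructed sample data.
"""
import hashlib
import struct

BLOCK = 16                    # block size of aes128-cbc
MAC_LEN = 20                  # hmac-sha1 tag, a typical OpenSSH 5.1 MAC (assumed)
PACKET_MAX_SIZE = 256 * 1024  # OpenSSH's maximum packet length


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, i: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 16-byte keyed permutation (Feistel network, NOT a real cipher)."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r


def bytes_read_before_close(key: bytes, chain_iv: bytes, injected: bytes,
                            mitigated: bool) -> int:
    """Receiver model.  `injected` is a ciphertext block the attacker captured
    earlier and now splices onto the connection at a packet boundary; the
    receiver decrypts it in CBC mode with `chain_iv` (the last ciphertext block
    it saw) and treats the first four plaintext bytes as the packet length.
    Returns how many bytes the receiver reads before tearing the connection
    down, which is exactly what a network attacker can observe.
    OpenSSH additionally requires (length + 4) to be a multiple of the block
    size; that check is omitted here (assumption) to keep the demo cheap."""
    first = xor(block_decrypt(key, injected), chain_iv)
    length = struct.unpack(">I", first[:4])[0]
    if not 5 <= length <= PACKET_MAX_SIZE:
        # 5.1: fatal "bad packet length" after a single block.
        # 5.2: keep reading up to PACKET_MAX_SIZE before failing.
        return PACKET_MAX_SIZE if mitigated else BLOCK
    need = 4 + length + MAC_LEN        # the MAC over garbage then fails
    # 5.1: fatal "corrupted MAC" after exactly `need` bytes.
    # 5.2: discard until PACKET_MAX_SIZE bytes have been read in total.
    return PACKET_MAX_SIZE if mitigated else need


def recover_prefix(chain_iv: bytes, prev_block: bytes, observed: int):
    """Attacker side.  For CBC block C_i, D(C_i) = P_i XOR C_{i-1}, and the
    receiver just used D(C_i)[:4] XOR chain_iv[:4] as its packet length."""
    if observed == BLOCK:
        return None                    # length check failed: try another block
    length_bytes = struct.pack(">I", observed - 4 - MAC_LEN)
    return xor(xor(length_bytes, chain_iv[:4]), prev_block[:4])


def build_victim_session(seed: bytes = b"demo"):
    """Constructed sample session: secret block C_1 followed by one block of
    padding whose ciphertext C_2 becomes the receiver's chaining IV.
    The forged length passes the range check with probability about 2^-14,
    so the padding is searched until it does.  A real attacker cannot choose
    this; they simply wait for a favourable packet boundary."""
    key = hashlib.sha256(seed + b"key").digest()[:16]
    iv = hashlib.sha256(seed + b"iv").digest()[:16]
    secret = b"password=hunter2"               # 16-byte block to steal
    c1 = block_encrypt(key, xor(secret, iv))   # target block; predecessor is iv
    dec_c1 = block_decrypt(key, c1)
    for n in range(1 << 20):
        c2 = block_encrypt(key, xor(struct.pack(">12xI", n), c1))
        length = struct.unpack(">I", xor(dec_c1, c2)[:4])[0]
        if 5 <= length <= PACKET_MAX_SIZE:
            return key, iv, secret, c1, c2
    raise RuntimeError("no favourable padding found")


def run_attack(mitigated: bool):
    """Returns (bytes the receiver read, attacker's guess at secret[:4])."""
    key, iv, secret, c1, c2 = build_victim_session()
    observed = bytes_read_before_close(key, c2, c1, mitigated)
    return observed, recover_prefix(c2, iv, observed)


if __name__ == "__main__":
    print("OpenSSH 5.1 behaviour:", run_attack(mitigated=False))
    print("OpenSSH 5.2 behaviour:", run_attack(mitigated=True))
```

With the 5.1 behaviour the byte count before the close differs per injected block and the attacker reads `b"pass"` straight out of it; with the 5.2 behaviour every injected block produces the same PACKET_MAX_SIZE count, so the length field is no longer observable. The later move to CTR by default, and the eventual disabling of CBC ciphers in 7.3, removes the dependence on this behavioural uniformity altogether rather than relying on it.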