An attack on CRC-32 integrity checks of encrypted channels using CBC and CFB modes

A known-plaintext attack against SSH protocol version 1.5 is described that allows an attacker to insert arbitrary commands in the stream regardless of the authentication protocol used, the block cipher or the key. The attack is based on weakneses of the integrity function used (CRC-32) that become exploitable due to the use of CBC and CFB feedback modes.