Skip navigation
Menu
Security

Vulnerability in Multiple SSH Implementations

Reported February 8, 2001, by BindView RAZOR Team.

VERSIONS AFFECTED
  • SSH 1.2.x Server
  • SSH 1.2.x Client
  • FSecure SSH 1.3.x Server
  • FSecure SSH 1.3.x Client
  • OSSH daemons
  • OpenSSH 2.3.0

DESCRIPTION

Implementations of SSH that include the deattack.c code, which Core SDI developed to prevent cryptography attacks, are vulnerable to an integer overflow. Insufficient range control calculations in the detect_attack() function lead to a table index overflow that can result in arbitrary commands running on the vulnerable host.

VENDOR RESPONSE

The various vendors involved have been contacted and have released patches to address the problem. Check your SSH vendor's Web site to determine whether your version of SSH is vulnerable.

 

The original RAZOR advisory is available at:

http://razor.bindview.com/publish/advisories/adv_ssh1crc.html

 

Core SDI also released an advisory available at:

 

http://listserv.ntsecurity.net/scripts/wa-ntsecurity.exe?A2=ind0102b&L=win2ksecadvice&F=&S=&P=544

CREDIT
Discovered by BindView RAZOR Team.
 
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading