|
|
To print: Select File and then Print from your browser's menu
-------------------------------------------------------------- This story was printed from ZDNet Australia. --------------------------------------------------------------
|
CERT issues advisory over SSH vulnerabilities By Patrick Gray, 0 December 17, 2002 URL: http://www.zdnet.com.au/news/security/soa/CERT-issues-advisory-over-SSH-vulnerabilities/0,130061744,120270730,00.htm
Vulnerabilities have been found in multiple SSH implementations, according to the latest CERT security advisory. SSH is a widely used secure shell protocol, somewhat like an encrypted and secure -telnet" program. The vulnerabilities may allow an attacker to take control of a server running SSH. Rapid7, a security company, developed an SSH test suite named -SSHhredder", which was able to pinpoint the security flaws in several implementations of the SSH protocol. Vendors listed as vulnerable in the relevant CERT vulnerability notes include F-Secure, SSH Communications security, Pragma Systems and Intersoft International. The most widely used implementation, OpenSSH, is not vulnerable. The official response from many of the vendors listed as vulnerable has been to deny the problem seriously affects their products. F-Secure claim that -F-Secure SSH products are not exploitable via these attacks. While F-Secure SSH versions 3.1.0 build 11 and earlier crash on these malicious packets, we did not find ways to exploit this to gain unauthorized access or to run arbitrary code." SSH Communications Security made a similar statement. -SSH Secure Shell products are not exploitable via these attacks." The original advisory is available at cert.org.
Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved. |
