CERT issues advisory over SSH vulnerabilities

By Patrick Gray
17 December 2002 12:30 PM
Tags: advisory, ssh, cert, vulnerable, secure
Vulnerabilities have been found in multiple SSH implementations, according to the latest CERT security advisory.

SSH is a widely used secure shell protocol, somewhat like an encrypted and secure -telnet" program.

The vulnerabilities may allow an attacker to take control of a server running SSH.

Rapid7, a security company, developed an SSH test suite named -SSHhredder", which was able to pinpoint the security flaws in several implementations of the SSH protocol.

Vendors listed as vulnerable in the relevant CERT vulnerability notes include F-Secure, SSH Communications security, Pragma Systems and Intersoft International.

The most widely used implementation, OpenSSH, is not vulnerable.

The official response from many of the vendors listed as vulnerable has been to deny the problem seriously affects their products.

F-Secure claim that -F-Secure SSH products are not exploitable via these attacks. While F-Secure SSH versions 3.1.0 build 11 and earlier crash on these malicious packets, we did not find ways to exploit this to gain unauthorized access or to run arbitrary code."

SSH Communications Security made a similar statement.

-SSH Secure Shell products are not exploitable via these attacks."

The original advisory is available at cert.org.

Advertisement

Talkback 0 comments

Latest Videos

Sponsored content

Power Centre - Content from our premier sponsors

Blogs

  • Suzanne Tindal Love me, tender
    Considering how expensive and drawn-out tender processes can be to solve problems that might be very immediate, it's little wonder that the Victorian Police IT department tried to work the tender exemptions system.
  • Array 2009 funding drought rolls on
    For Australian start-ups looking for venture capital, 2009 was a very bad year. 2010 may be no better.
  • Array Can not-so-smart meters help the NBN?
    It was interesting to witness Conroy's recent enthusiasm to spruik the NBN's role in supporting the Smart Grid, Smart City initiative. What a pity that Conroy hadn't yet seen the damning report from the Victorian auditor-general about that state's smart-meter roll-out.
  • More blogs »

Tags

Back to top

Featured