Reported February 8, 2001, by BindView RAZOR Team.
VERSIONS AFFECTED
- SSH 1.2.x Server
- SSH 1.2.x Client
- F-Secure SSH 1.3.x Server
- F-Secure SSH 1.3.x Client
- OSSH daemons
- OpenSSH 2.3.0
DESCRIPTION
Implementations of SSH that include the deattack.c code, which Core SDI
developed to prevent cryptographic attacks, are vulnerable to an integer
overflow. Insufficient range checking in the calculations of the
detect_attack() function leads to a table index overflow that can result in
arbitrary commands running on the vulnerable host.
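
An added illustration (not code from the advisory or from deattack.c) of the class of bug described above: a table size computed at 32-bit width is stored in a 16-bit variable with no range check, so a long enough input yields a size of zero and an index mask far wider than the table. All function names and constants are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define BLOCK_SIZE   8u      /* assumed cipher block size in bytes */
#define MIN_ENTRIES  2048u   /* assumed smallest table size */
#define MAX_ENTRIES  32768u  /* assumed upper bound; still fits in 16 bits */

/* Grow the table by factors of four until it holds 1.5 entries per block. */
static uint32_t wanted_entries(uint32_t len)
{
    uint32_t need = (len / BLOCK_SIZE) * 3u / 2u;
    uint32_t l = MIN_ENTRIES;
    while (l < need)
        l <<= 2;
    return l;
}

/* Flawed: 32-bit result narrowed to 16 bits, so 131072 silently becomes 0. */
static uint16_t table_entries_narrow(uint32_t len)
{
    return (uint16_t)wanted_entries(len);
}

/* Index mask derived from the narrowed size: 0 - 1 wraps to all ones. */
static uint32_t index_mask_narrow(uint32_t len)
{
    return (uint32_t)table_entries_narrow(len) - 1u;
}

/* Hardened: keep full width and refuse sizes above the bound (0 = ok). */
static int table_entries_checked(uint32_t len, uint32_t *out)
{
    uint32_t l = wanted_entries(len);
    if (l > MAX_ENTRIES)
        return -1;
    *out = l;
    return 0;
}

int main(void)
{
    uint32_t n = 0, len = 200000u;   /* constructed oversized input length */
    printf("narrow: entries=%u mask=0x%08x\n",
           (unsigned)table_entries_narrow(len), (unsigned)index_mask_narrow(len));
    printf("checked: %s\n", table_entries_checked(len, &n) ? "rejected" : "accepted");
    return 0;
}
```

With the narrowed size, an allocation of zero entries is paired with a mask that no longer constrains the index; the checked variant rejects the input before any table is allocated.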
VENDOR RESPONSE
The various vendors involved have been contacted and have released patches to
address the problem. Check your SSH vendor's Web site to determine whether
your version of SSH is vulnerable.
The original RAZOR advisory is available at:
http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
Core SDI also released an advisory available at:
http://listserv.ntsecurity.net/scripts/wa-ntsecurity.exe?A2=ind0102b&L=win2ksecadvice&F=&S=&P=544
CREDIT
Discovered by BindView RAZOR Team.