| Release Date | May 14, 2009 |
| Severity | Critical |
| Impact | System compromise, arbitrary code execution, denial of service. |
| Description | This vulnerability affects the Secure Shell (SSH) remote access protocol. The vulnerability results from an integer-overflow bug in the CRC32 compensation attack detection code. Because the 32-bit packet length is assigned to a 16-bit integer, an attacker may be able to corrupt future calls to malloc() and write values to arbitrary locations in memory. By exploiting this, an attacker may be able to gain root privileges and execute arbitrary code. |
| Affected Products | OpenSSH prior to version 2.2.<br>SSH Secure Communications prior to 1.2.31.<br>Cisco IOS 12.1, 12.2.<br>Cisco Catalyst 6000 switches running CatOS.<br>Cisco PIX Firewall.<br>Cisco 11000 Content Service Switch family.<br>NetScreen ScreenOS 2.6.1, 3.0.1 r2, 2.0.3 r1.1, 3.1, 3.1.1 r2.<br>Secure Computing SafeWord Agent For SSH 1.0. |
| Recommended Actions | Upgrade to SSH Secure Shell version 3.0.1.<br>Cisco upgrades: http://www.cisco.com/warp/public/707/SSH-multiple-pub.html<br>NetScreen upgrades: http://www.juniper.net/support/security/alerts/11_06_02.html |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2001-0144 |
| Reference/s | http://www.securityfocus.com/bid/2347 (BugTraq) |
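
The narrowing described in the Description row, shown as an added example that is not code from this advisory or from any affected SSH implementation: a table size derived from a 32-bit packet length wraps to zero when stored in a 16-bit integer, next to a version that bounds the length and keeps the full width. All constants and function names here are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed constants for this sketch; not values from any SSH code base. */
#define BLOCK_SIZE  8u               /* bytes per cipher block */
#define ENTRY_SIZE  2u               /* bytes per hash-table entry */
#define MIN_ENTRIES 4096u            /* smallest table the detector uses */
#define MAX_PACKET  (256u * 1024u)   /* largest packet the checked path accepts */

/* Entries needed for len bytes: MIN_ENTRIES doubled until it covers every block. */
static uint32_t wanted_entries(uint32_t len)
{
    uint32_t n = MIN_ENTRIES;
    while (n < len / BLOCK_SIZE)
        n <<= 1;
    return n;
}

/* Weak: the 32-bit count is narrowed to 16 bits before sizing the table. */
static size_t table_bytes_weak(uint32_t len)
{
    uint16_t n = (uint16_t)wanted_entries(len);  /* 65536 becomes 0 */
    return (size_t)n * ENTRY_SIZE;
}

/* Hardened: bound the length first, keep the count at full width. */
static int table_bytes_checked(uint32_t len, size_t *out)
{
    if (len == 0 || len > MAX_PACKET || len % BLOCK_SIZE != 0)
        return -1;                               /* reject before any allocation */
    *out = (size_t)wanted_entries(len) * ENTRY_SIZE;
    return 0;
}

int main(void)
{
    uint32_t lens[] = { 8u * 1024u, 256u * 1024u, 512u * 1024u };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        size_t checked = 0;
        int rc = table_bytes_checked(lens[i], &checked);
        printf("len=%u weak=%zu checked=%s (%zu)\n", (unsigned)lens[i],
               table_bytes_weak(lens[i]), rc == 0 ? "ok" : "rejected", checked);
    }
    return 0;
}
```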