Threat Encyclopedia



This indicates an overflow vulnerability in a Secure Shell (SSH) implementation.

SSH is used to connect to remote systems over encrypted TCP sessions. Due to a flaw in the CRC32 compensation attack detection, an attacker can execute arbitrary commands on a target by sending a specially crafted packet to the SSH daemon.

Affected Products

The following systems are vulnerable to the attack:

OpenSSH prior to version 2.2.

SSH Secure Communications prior to 1.2.31

Cisco IOS 12.1, 12.2


Attackers gain root privileges on the victim system and can execute arbitrary commands.

Recommended Actions

Upgrade the system to the latest non-vulnerable version.

CVE References