
Vulnerability Note VU#626979

Icon Labs SSH server vulnerabilities

Overview

The Icon Labs Iconfidant SSH server contains multiple vulnerabilities. The most severe of these issues may allow an attacker to cause a vulnerable system to crash.

I. Description

Iconfidant SSH is a Secure Shell (SSH) server that runs on VxWorks-based systems. Versions of the Iconfidant server prior to 2.3.8 contain multiple denial-of-service vulnerabilities.

II. Impact

A remote, unauthenticated attacker may be able to cause a vulnerable system to crash or become unable to accept remote SSH connections.

III. Solution

Upgrade

Icon Labs has released Iconfidant SSH server 2.3.8 to address these issues.

Restrict access

Restricting access to the Iconfidant SSH server by using access control lists or firewall rules may prevent an attacker from exploiting these vulnerabilities.

Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| 3com, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| Alcatel | Unknown | 2008-06-09 | 2008-06-09 |
| AT&T | Unknown | 2008-06-09 | 2008-06-09 |
| Avaya, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| Borderware Technologies | Unknown | 2008-06-09 | 2008-06-09 |
| Bro | Unknown | 2008-06-09 | 2008-06-09 |
| Charlotte's Web Networks | Unknown | 2008-06-09 | 2008-06-09 |
| Check Point Software Technologies | Unknown | 2008-06-09 | 2008-06-09 |
| Cisco Systems, Inc. | Vulnerable | 2008-02-01 | 2008-06-12 |
| Clavister | Unknown | 2008-06-09 | 2008-06-09 |
| Conectiva Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| Cray Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| D-Link Systems, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| Data Connection, Ltd. | Unknown | 2008-06-09 | 2008-06-09 |
| EMC Corporation | Unknown | 2008-06-09 | 2008-06-09 |
| Engarde Secure Linux | Unknown | 2008-06-09 | 2008-06-09 |
| Enterasys Networks | Unknown | 2008-06-09 | 2008-06-09 |
| Ericsson | Not Vulnerable | 2008-06-09 | 2008-06-12 |
| eSoft, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| Extreme Networks | Not Vulnerable | 2008-06-09 | 2009-04-23 |
| F5 Networks, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| Force10 Networks, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| Fortinet, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| Foundry Networks, Inc. | Not Vulnerable | 2008-06-09 | 2008-07-10 |
| Fujitsu | Unknown | 2008-06-09 | 2008-06-09 |
| Global Technology Associates | Unknown | 2008-06-09 | 2008-06-09 |
| Hewlett-Packard Company | Unknown | 2008-06-09 | 2008-06-09 |
| Hitachi | Unknown | 2008-06-09 | 2008-06-09 |
| Hyperchip | Unknown | 2008-06-09 | 2008-06-09 |
| Icon Labs | Vulnerable | 2008-02-18 | 2008-06-09 |
| Ingrian Networks, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| Intel Corporation | Unknown | 2008-06-09 | 2008-06-09 |
| Internet Security Systems, Inc. | Not Vulnerable | 2008-06-09 | 2008-06-10 |
| Intoto | Unknown | 2008-06-09 | 2008-06-09 |
| IP Filter | Unknown | 2008-06-09 | 2008-06-09 |
| Juniper Networks, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| Linksys (A division of Cisco Systems) | Unknown | 2008-06-09 | 2008-06-09 |
| Lucent Technologies | Unknown | 2008-06-09 | 2008-06-09 |
| Luminous Networks | Unknown | 2008-06-09 | 2008-06-09 |
| McAfee | Not Vulnerable | 2008-06-09 | 2008-06-11 |
| MontaVista Software, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| Multinet (owned Process Software Corporation) | Unknown | 2008-06-09 | 2008-06-09 |
| Multitech, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| NEC Corporation | Unknown | 2008-06-09 | 2008-06-09 |
| Network Appliance, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| NextHop Technologies, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| Nokia | Unknown | 2008-06-09 | 2008-06-09 |
| Nortel Networks, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| QNX, Software Systems, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| Riverstone Networks, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| Sony Corporation | Unknown | 2008-06-09 | 2008-06-09 |
| Stonesoft | Not Vulnerable | 2008-06-09 | 2008-06-23 |
| Symantec, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| TippingPoint, Technologies, Inc. | Not Vulnerable | 2008-06-09 | 2008-07-10 |
| Watchguard Technologies, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| Wind River Systems, Inc. | Unknown | 2008-06-09 | 2008-06-09 |
| ZyXEL | Unknown | 2008-06-09 | 2008-06-09 |

References


http://www.icon-labs.com/news/read.asp?newsID=77
http://tools.ietf.org/html/rfc4252

Credit

Thanks to Icon Labs for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public: 05/21/2008
Date First Published: 06/09/2008 09:06:37 AM
Date Last Updated: 04/23/2009
CERT Advisory:
CVE Name:
Metric: 5.62
Document Revision: 12


Copyright 2008 Carnegie Mellon University