|
|
|
 |
Vulnerability Note VU#333980SSH Communications Secure Shell vulnerable to DoS via malformed BER/DER packetOverviewSSH Communications' Secure Shell contains vulnerabilities in ASN.1 libraries that may allow remote attackers to cause a denial-of-service situation, or potentially execute arbitrary code on the server.I. DescriptionSSH Communications' Secure Shell contains a vulnerability in the decoding of BER/DER encoded packets. According to the SSH Communications Advisory:BER/DER encoding is applied in digital certificates, which are used for authenticating a user to a host. Certificates are also commonly used for authenticating SSL/TLS connections. Note that this vulnerability does not affect the non-commercial versions of SSH Secure Shell (Unix), as these versions do not contain the vulnerable ASN.1 related libraries. This vulnerability may be related to the "Multiple vulnerabilities in SSL/TLS implementations" described in VU#104280. II. ImpactA remote unauthenticated attaker may be able to crash the target server, causing a denial of service. Exploitation may also permit the execution of arbitrary code.III. SolutionSSH Communications has released version 3.2.9 of SSH Secure Shell to resolve this issue. Please see the SSH Communications' Advisory for more details on upgrading. Likewise, vendors that redistribute versions of this product may provide their own patches or updates.According to the SSH Communications' Advisory:
Systems Affected
References
Thanks to Stonesoft for reporting this vulnerability. This document was written by Jason A Rafail.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Get Adobe Reader