US-CERT Vulnerability Notes Database

Vulnerability Note VU#626979

Icon Labs SSH server vulnerabilities

Overview

The Icon Labs Iconfidant SSH server contains multiple vulnerabilities. The most severe of these issues may allow an attacker to cause a vulnerable system to crash.

I. Description

Iconfidant SSH is a Secure Shell (SSH) server that runs on VxWorks-based systems. Versions of the Iconfidant server prior to 2.3.8 contain multiple denial of service vulnerabilities.

II. Impact

A remote, unauthenticated attacker may be able to cause a vulnerable system to crash or become unable to accept remote SSH connections.

III. Solution

Upgrade

Icon Labs has released Iconfidant SSH server 2.3.8 to address these issues.

Restrict access

Restricting access to the Iconfidant SSH server by using access control lists or firewall rules may prevent an attacker from exploiting this vulnerability.

Systems Affected

Vendor | Status | Date Notified | Date Updated
3com, Inc. | Unknown | 2008-06-09 | 2008-06-09
Alcatel | Unknown | 2008-06-09 | 2008-06-09
AT&T | Unknown | 2008-06-09 | 2008-06-09
Avaya, Inc. | Unknown | 2008-06-09 | 2008-06-09
Borderware Technologies | Unknown | 2008-06-09 | 2008-06-09
Bro | Unknown | 2008-06-09 | 2008-06-09
Charlotte's Web Networks | Unknown | 2008-06-09 | 2008-06-09
Check Point Software Technologies | Unknown | 2008-06-09 | 2008-06-09
Cisco Systems, Inc. | Vulnerable | 2008-02-01 | 2008-06-12
Clavister | Unknown | 2008-06-09 | 2008-06-09
Conectiva Inc. | Unknown | 2008-06-09 | 2008-06-09
Cray Inc. | Unknown | 2008-06-09 | 2008-06-09
D-Link Systems, Inc. | Unknown | 2008-06-09 | 2008-06-09
Data Connection, Ltd. | Unknown | 2008-06-09 | 2008-06-09
EMC Corporation | Unknown | 2008-06-09 | 2008-06-09
Engarde Secure Linux | Unknown | 2008-06-09 | 2008-06-09
Enterasys Networks | Unknown | 2008-06-09 | 2008-06-09
Ericsson | Not Vulnerable | 2008-06-09 | 2008-06-12
eSoft, Inc. | Unknown | 2008-06-09 | 2008-06-09
Extreme Networks | Not Vulnerable | 2008-06-09 | 2009-04-23
F5 Networks, Inc. | Unknown | 2008-06-09 | 2008-06-09
Force10 Networks, Inc. | Unknown | 2008-06-09 | 2008-06-09
Fortinet, Inc. | Unknown | 2008-06-09 | 2008-06-09
Foundry Networks, Inc. | Not Vulnerable | 2008-06-09 | 2008-07-10
Fujitsu | Unknown | 2008-06-09 | 2008-06-09
Global Technology Associates | Unknown | 2008-06-09 | 2008-06-09
Hewlett-Packard Company | Unknown | 2008-06-09 | 2008-06-09
Hitachi | Unknown | 2008-06-09 | 2008-06-09
Hyperchip | Unknown | 2008-06-09 | 2008-06-09
Icon Labs | Vulnerable | 2008-02-18 | 2008-06-09
Ingrian Networks, Inc. | Unknown | 2008-06-09 | 2008-06-09
Intel Corporation | Unknown | 2008-06-09 | 2008-06-09
Internet Security Systems, Inc. | Not Vulnerable | 2008-06-09 | 2008-06-10
Intoto | Unknown | 2008-06-09 | 2008-06-09
IP Filter | Unknown | 2008-06-09 | 2008-06-09
Juniper Networks, Inc. | Unknown | 2008-06-09 | 2008-06-09
Linksys (A division of Cisco Systems) | Unknown | 2008-06-09 | 2008-06-09
Lucent Technologies | Unknown | 2008-06-09 | 2008-06-09
Luminous Networks | Unknown | 2008-06-09 | 2008-06-09
McAfee | Not Vulnerable | 2008-06-09 | 2008-06-11
MontaVista Software, Inc. | Unknown | 2008-06-09 | 2008-06-09
Multinet (owned Process Software Corporation) | Unknown | 2008-06-09 | 2008-06-09
Multitech, Inc. | Unknown | 2008-06-09 | 2008-06-09
NEC Corporation | Unknown | 2008-06-09 | 2008-06-09
Network Appliance, Inc. | Unknown | 2008-06-09 | 2008-06-09
NextHop Technologies, Inc. | Unknown | 2008-06-09 | 2008-06-09
Nokia | Unknown | 2008-06-09 | 2008-06-09
Nortel Networks, Inc. | Unknown | 2008-06-09 | 2008-06-09
QNX, Software Systems, Inc. | Unknown | 2008-06-09 | 2008-06-09
Riverstone Networks, Inc. | Unknown | 2008-06-09 | 2008-06-09
Sony Corporation | Unknown | 2008-06-09 | 2008-06-09
Stonesoft | Not Vulnerable | 2008-06-09 | 2008-06-23
Symantec, Inc. | Unknown | 2008-06-09 | 2008-06-09
TippingPoint, Technologies, Inc. | Not Vulnerable | 2008-06-09 | 2008-07-10
Watchguard Technologies, Inc. | Unknown | 2008-06-09 | 2008-06-09
Wind River Systems, Inc. | Unknown | 2008-06-09 | 2008-06-09
ZyXEL | Unknown | 2008-06-09 | 2008-06-09

References


http://www.icon-labs.com/news/read.asp?newsID=77
http://tools.ietf.org/html/rfc4252

Credit

Thanks to Icon Labs for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public: 2008-05-21
Date First Published: 2008-06-09
Date Last Updated: 2009-04-23
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric: 5.62
Document Revision: 12

If you have feedback, comments, or additional information about this vulnerability, please send us email.
Produced 2008 by US-CERT, a government organization