SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#626979

Icon Labs SSH server vulnerabilities

Overview

The Icon Labs Iconfidant SSH server contails multiple vulnerabilities. The most severe of these issues may allow an attacker to cause a vulnerable system to crash.

I. Description

The Iconfident SSH is a Secure Shell (SSH) server that runs on VxWorks-based systems. Versions of the Iconfident server prior to 2.3.8 contain multiple denial of service vulnerabilities.

II. Impact

A remote, unauthenticated attacker may be able to cause a vulnerable system to crash or become unable to accept remote SSH connections.

III. Solution

Upgrade

Icon Labs has released Iconfident SSH server 2.3.8 to address these issues.

Restrict access

Restricting access to the Iconfident SSH server by using access control lists or firewall rules may prevent an attacker from exploiting this vulnerability.

Systems Affected

VendorStatusDate NotifiedDate Updated
3com, Inc.Unknown9-Jun-2008
AlcatelUnknown9-Jun-2008
AT&TUnknown9-Jun-2008
Avaya, Inc.Unknown9-Jun-2008
Borderware TechnologiesUnknown9-Jun-2008
BroUnknown9-Jun-2008
Charlotte's Web NetworksUnknown9-Jun-2008
Check Point Software TechnologiesUnknown9-Jun-2008
Cisco Systems, Inc.Vulnerable12-Jun-2008
ClavisterUnknown9-Jun-2008
Conectiva Inc.Unknown9-Jun-2008
Cray Inc.Unknown9-Jun-2008
D-Link Systems, Inc.Unknown9-Jun-2008
Data Connection, Ltd.Unknown9-Jun-2008
EMC CorporationUnknown9-Jun-2008
Engarde Secure LinuxUnknown9-Jun-2008
Enterasys NetworksUnknown9-Jun-2008
EricssonNot Vulnerable12-Jun-2008
eSoft, Inc.Unknown9-Jun-2008
Extreme NetworksUnknown9-Jun-2008
F5 Networks, Inc.Unknown9-Jun-2008
Force10 Networks, Inc.Unknown9-Jun-2008
Fortinet, Inc.Unknown9-Jun-2008
Foundry Networks, Inc.Not Vulnerable10-Jul-2008
FujitsuUnknown9-Jun-2008
Global Technology AssociatesUnknown9-Jun-2008
Hewlett-Packard CompanyUnknown9-Jun-2008
HitachiUnknown9-Jun-2008
HyperchipUnknown9-Jun-2008
Icon LabsVulnerable9-Jun-2008
Ingrian Networks, Inc.Unknown9-Jun-2008
Intel CorporationUnknown9-Jun-2008
Internet Security Systems, Inc.Not Vulnerable10-Jun-2008
IntotoUnknown9-Jun-2008
IP FilterUnknown9-Jun-2008
Juniper Networks, Inc.Unknown9-Jun-2008
Linksys (A division of Cisco Systems)Unknown9-Jun-2008
Lucent TechnologiesUnknown9-Jun-2008
Luminous NetworksUnknown9-Jun-2008
McAfeeNot Vulnerable11-Jun-2008
MontaVista Software, Inc.Unknown9-Jun-2008
Multinet (owned Process Software Corporation)Unknown9-Jun-2008
Multitech, Inc.Unknown9-Jun-2008
NEC CorporationUnknown9-Jun-2008
Network Appliance, Inc.Unknown9-Jun-2008
NextHop Technologies, Inc.Unknown9-Jun-2008
NokiaUnknown9-Jun-2008
Nortel Networks, Inc.Unknown9-Jun-2008
QNX, Software Systems, Inc.Unknown9-Jun-2008
Riverstone Networks, Inc.Unknown9-Jun-2008
Sony CorporationUnknown9-Jun-2008
StonesoftNot Vulnerable23-Jun-2008
Symantec, Inc.Unknown9-Jun-2008
TippingPoint, Technologies, Inc.Not Vulnerable10-Jul-2008
Watchguard Technologies, Inc.Unknown9-Jun-2008
Wind River Systems, Inc.Unknown9-Jun-2008
ZyXELUnknown9-Jun-2008

References


http://www.icon-labs.com/news/read.asp?newsID=77
http://tools.ietf.org/html/rfc4252

Credit

Thanks to Icon Labs for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public:2008-05-21
Date First Published:2008-06-09
Date Last Updated:2008-07-10
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:5.62
Document Revision:12

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader