Vulnerability Note VU#626979

Icon Labs SSH server vulnerabilities

Original Release date: 09 Jun 2008 | Last revised: 23 Apr 2009

Overview

The Icon Labs Iconfidant SSH server contails multiple vulnerabilities. The most severe of these issues may allow an attacker to cause a vulnerable system to crash.

Description

The Iconfident SSH is a Secure Shell (SSH) server that runs on VxWorks-based systems. Versions of the Iconfident server prior to 2.3.8 contain multiple denial of service vulnerabilities.

Impact

A remote, unauthenticated attacker may be able to cause a vulnerable system to crash or become unable to accept remote SSH connections.

Solution

Upgrade

Icon Labs has released Iconfident SSH server 2.3.8 to address these issues.


Restrict access

Restricting access to the Iconfident SSH server by using access control lists or firewall rules may prevent an attacker from exploiting this vulnerability.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Cisco Systems, Inc.Affected01 Feb 200812 Jun 2008
Icon LabsAffected18 Feb 200809 Jun 2008
EricssonNot Affected09 Jun 200812 Jun 2008
Extreme NetworksNot Affected09 Jun 200823 Apr 2009
Foundry Networks, Inc.Not Affected09 Jun 200810 Jul 2008
Internet Security Systems, Inc.Not Affected09 Jun 200810 Jun 2008
McAfeeNot Affected09 Jun 200811 Jun 2008
StonesoftNot Affected09 Jun 200823 Jun 2008
TippingPoint, Technologies, Inc.Not Affected09 Jun 200810 Jul 2008
3com, Inc.Unknown09 Jun 200809 Jun 2008
AlcatelUnknown09 Jun 200809 Jun 2008
AT&TUnknown09 Jun 200809 Jun 2008
Avaya, Inc.Unknown09 Jun 200809 Jun 2008
Borderware TechnologiesUnknown09 Jun 200809 Jun 2008
BroUnknown09 Jun 200809 Jun 2008
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Icon Labs for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: Unknown
  • Date Public: 21 May 2008
  • Date First Published: 09 Jun 2008
  • Date Last Updated: 23 Apr 2009
  • Severity Metric: 5.62
  • Document Revision: 12

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.