Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

SSH Communications Security Information for VU#389665

Date Notified:2002-10-18
Date Updated:
Status Summary:Vulnerable

Vendor Statement

With SSH Secure Shell the worst case effect of the vulnerability is a denial of service (DoS) for a single child-server (connection). This cannot be exploited to gain access to the host and this does not affect the parent server in any wa nor does it hinder the server's ability to receive new connections - it only affects the child server that is handling connections to the malicious client, or a client application that is connecting to a malicious server. No arbitrary code can be executed.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The SSH Communications Security implementation of the SSH transport layer protocol appears to be vulnerable to a null-pointer dereference, which can cause a client or child server process to crash. Existing connections and the ability to make new connections to the server are not affected. The client application terminates. The impact of this vulnerability seems to be limited to denial of service.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information