SSH Communications Security Information for VU#389665

Multiple vendors' SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization

Status

Affected

Vendor Statement

With SSH Secure Shell the worst case effect of the vulnerability is a denial of service (DoS) for a single child-server (connection). This cannot be exploited to gain access to the host and this does not affect the parent server in any wa nor does it hinder the server's ability to receive new connections - it only affects the child server that is handling connections to the malicious client, or a client application that is connecting to a malicious server. No arbitrary code can be executed.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The SSH Communications Security implementation of the SSH transport layer protocol appears to be vulnerable to a null-pointer dereference, which can cause a client or child server process to crash. Existing connections and the ability to make new connections to the server are not affected. The client application terminates. The impact of this vulnerability seems to be limited to denial of service.

If you have feedback, comments, or additional information about this vulnerability, please send us email.