SSH Communications Security Information for VU#13877
Weak CRC allows packet injection into SSH sessions encrypted with block ciphers
- Date Notified:
- Statement Date:
- Date Updated: 06 Nov 2001
Status
Affected
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Vendor References
None
Addendum
This vulnerability was first addressed by incorporating code written by CORE-SDI to detect and block CRC32 attacks. However, an implementation error in this code caused the vulnerability described in VU#945216, which was ultimately addressed in Secure Shell 1.2.32, available at
SSH Communications has released a public statement regarding VU#945216; for more information, please visit
It is important to note that versions 2.x and 3.x of SSH Secure Shell do not serve as replacements for the SSH1 protocol. Rather, they rely upon an existing installation of Secure Shell 1.x to handle SSH1 connections. Thus, installing a version 2.x or 3.x server does not obviate the need to maintain installations of Secure Shell 1.x.