SSH Communications Security Information for VU#13877
Weak CRC allows packet injection into SSH sessions encrypted with block ciphers
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 06 Nov 2001
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
This vulnerability first addressed by incorporating code written by CORE-SDI to detect and block CRC32 attacks. However, an implementation error in this code caused the vulnerability described in VU#945216, which was ultimately addressed in Secure Shell 1.2.32, available at
SSH Communications has released a public statment regarding VU#945216; for more information, please visit
It is important to note that versions 2.x and 3.x of SSH Secure Shell do not serve as replacements for the SSH1 protocol. Rather, they rely upon an existing installation of Secure Shell 1.x to handle SSH1 connections. Thus, installing a version 2.x or 3.x server does not obviate the need to maintain installations of Secure Shell 1.x.