Cisco Systems Inc. Information for VU#945216
SSH CRC32 attack detection code contains remote integer overflow
- Vendor Information Help Date Notified: 31 Oct 2001
- Statement Date:
- Date Updated: 13 Dec 2001
Cisco has confirmed that their products are not affected by VU#945216.
The vendor has not provided us with any further information regarding this vulnerability.
Several public sources have speculated that Cisco SSH implementations are affected by this vulnerability, citing a Cisco Security Advisory released in June 2001 as documentation of the vulnerability. However, the Cisco advisory referenced above documents the SSH1 protocol vulnerability described in VU#13877, not the remote integer overflow described in VU#945216.
If you have feedback, comments, or additional information about this vulnerability, please send us email.