Cisco Systems Inc. Information for VU#945216

SSH CRC32 attack detection code contains remote integer overflow

Status

Not Affected

Vendor Statement

Cisco has confirmed that their products are not affected by VU#945216.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Several public sources have speculated that Cisco SSH implementations are affected by this vulnerability, citing a Cisco Security Advisory released in June 2001 as documentation of the vulnerability. However, the Cisco advisory referenced above documents the SSH1 protocol vulnerability described in VU#13877, not the remote integer overflow described in VU#945216.

If you have feedback, comments, or additional information about this vulnerability, please send us email.