SSH Communications' Secure Shell contains vulnerabilities in ASN.1 libraries that may allow remote attackers to cause a denial-of-service situation, or potentially execute arbitrary code on the server.
SSH Communications' Secure Shell contains a vulnerability in the decoding of BER/DER encoded packets. According to the SSH Communications Advisory:
BER/DER encoding is applied in digital certificates, which are used for authenticating a user to a host. Certificates are also commonly used for authenticating SSL/TLS connections.
A remote unauthenticated attaker may be able to crash the target server, causing a denial of service. Exploitation may also permit the execution of arbitrary code.
SSH Communications has released version 3.2.9 of SSH Secure Shell to resolve this issue. Please see the SSH Communications' Advisory for more details on upgrading. Likewise, vendors that redistribute versions of this product may provide their own patches or updates.
According to the SSH Communications' Advisory:
Thanks to Stonesoft for reporting this vulnerability.
This document was written by Jason A Rafail.
|Date First Published:||2003-10-03|
|Date Last Updated:||2003-10-07 13:45 UTC|