CORE SDI Information for VU#945216
SSH CRC32 attack detection code contains remote integer overflow
- Vendor Information Help Date Notified: 08 Feb 2001
- Statement Date:
- Date Updated: 13 Dec 2001
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The code used to detect and block CRC32 attacks was written in 1998 by CORE SDI and was subsequently incorporated into several SSH implementations. If your version of SSH contains a derivative of the code module below, the CERT/CC recommends that you disable the SSH1 service and contact your vendor for upgrade options.
If you have feedback, comments, or additional information about this vulnerability, please send us email.