Multiple Vendor SSH2 Implementation Empty Elements / Multiple Separator Vulnerabilities

Multiple Vendor SSH2 Implementation Empty Elements / Multiple Separator Vulnerabilities

A vulnerability has been reported for multiple SSH2 vendors. The vulnerability is a result of SSH2 packets containing empty elements/multiple separators.

The vulnerability has been reported to affect initialization, key exchange, and negotiation phases of SSH communications. An attacker may exploit this vulnerability to perform denial of service attacks against vulnerable systems and possibly to execute malicious, attacker-supplied code.

Further details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397.