• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor SSH RSA Signature Forging Vulnerability

Solution:
SSH Communications has advised affected SSH IPSEC Express Toolkit users to upgrade to version 5.1.1, which is not vulnerable to this issue, or to apply a patch. Users are advised to contact the vendor for further details.

F-Secure has addressed this issue in recent versions. Please contact the vendor to obtain upgrades.

The following fixes are available:


SSH Communications Security SSH2 3.1

• SSH Communications Security Secure Shell 3.1.8 for Servers
  http://www.ssh.com/support/downloads/secureshellserver/updates-and-pac kages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Windows Servers
  http://www.ssh.com/support/downloads/secureshellwinserver/updates-and- packages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Workstations
  http://www.ssh.com/support/downloads/secureshellwks/updates-and-packag es-3-1.html

SSH Communications Security SSH2 3.1.1

• SSH Communications Security Secure Shell 3.1.8 for Servers
  http://www.ssh.com/support/downloads/secureshellserver/updates-and-pac kages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Windows Servers
  http://www.ssh.com/support/downloads/secureshellwinserver/updates-and- packages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Workstations
  http://www.ssh.com/support/downloads/secureshellwks/updates-and-packag es-3-1.html

SSH Communications Security SSH2 3.1.2

• SSH Communications Security Secure Shell 3.1.8 for Servers
  http://www.ssh.com/support/downloads/secureshellserver/updates-and-pac kages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Windows Servers
  http://www.ssh.com/support/downloads/secureshellwinserver/updates-and- packages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Workstations
  http://www.ssh.com/support/downloads/secureshellwks/updates-and-packag es-3-1.html

SSH Communications Security SSH2 3.1.3

• SSH Communications Security Secure Shell 3.1.8 for Servers
  http://www.ssh.com/support/downloads/secureshellserver/updates-and-pac kages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Windows Servers
  http://www.ssh.com/support/downloads/secureshellwinserver/updates-and- packages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Workstations
  http://www.ssh.com/support/downloads/secureshellwks/updates-and-packag es-3-1.html

SSH Communications Security SSH2 3.1.4

• SSH Communications Security Secure Shell 3.1.8 for Servers
  http://www.ssh.com/support/downloads/secureshellserver/updates-and-pac kages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Windows Servers
  http://www.ssh.com/support/downloads/secureshellwinserver/updates-and- packages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Workstations
  http://www.ssh.com/support/downloads/secureshellwks/updates-and-packag es-3-1.html

SSH Communications Security SSH2 3.1.5

• SSH Communications Security Secure Shell 3.1.8 for Servers
  http://www.ssh.com/support/downloads/secureshellserver/updates-and-pac kages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Windows Servers
  http://www.ssh.com/support/downloads/secureshellwinserver/updates-and- packages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Workstations
  http://www.ssh.com/support/downloads/secureshellwks/updates-and-packag es-3-1.html

SSH Communications Security SSH2 3.1.6

• SSH Communications Security Secure Shell 3.1.8 for Servers
  http://www.ssh.com/support/downloads/secureshellserver/updates-and-pac kages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Windows Servers
  http://www.ssh.com/support/downloads/secureshellwinserver/updates-and- packages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Workstations
  http://www.ssh.com/support/downloads/secureshellwks/updates-and-packag es-3-1.html

SSH Communications Security SSH2 3.1.7

• SSH Communications Security Secure Shell 3.1.8 for Servers
  http://www.ssh.com/support/downloads/secureshellserver/updates-and-pac kages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Windows Servers
  http://www.ssh.com/support/downloads/secureshellwinserver/updates-and- packages-3-1.html


• SSH Communications Security Secure Shell 3.1.8 for Workstations
  http://www.ssh.com/support/downloads/secureshellwks/updates-and-packag es-3-1.html

SSH Communications Security SSH2 3.2

• SSH Communications Security Secure Shell 3.2.5 for Servers
  http://www.ssh.com/support/downloads/secureshellserver/updates-and-pac kages-3-2.html


• SSH Communications Security Secure Shell 3.2.5 for Windows Servers
  http://www.ssh.com/support/downloads/secureshellwinserver/updates-and- packages-3-2.html


• SSH Communications Security Secure Shell 3.2.5 for Workstations
  http://www.ssh.com/support/downloads/secureshellwks/updates-and-packag es-3-2.html


• SSH Communications Security SSHSecureShellClient-3.2.5.exe
  For non-commercial users.
  ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.5.exe

SSH Communications Security SSH2 3.2.1

• SSH Communications Security Secure Shell 3.2.5 for Servers
  http://www.ssh.com/support/downloads/secureshellserver/updates-and-pac kages-3-2.html


• SSH Communications Security Secure Shell 3.2.5 for Windows Servers
  http://www.ssh.com/support/downloads/secureshellwinserver/updates-and- packages-3-2.html


• SSH Communications Security Secure Shell 3.2.5 for Workstations
  http://www.ssh.com/support/downloads/secureshellwks/updates-and-packag es-3-2.html


• SSH Communications Security SSHSecureShellClient-3.2.5.exe
  For non-commercial users.
  ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.5.exe

SSH Communications Security SSH2 3.2.2

• SSH Communications Security Secure Shell 3.2.5 for Servers
  http://www.ssh.com/support/downloads/secureshellserver/updates-and-pac kages-3-2.html


• SSH Communications Security Secure Shell 3.2.5 for Windows Servers
  http://www.ssh.com/support/downloads/secureshellwinserver/updates-and- packages-3-2.html


• SSH Communications Security Secure Shell 3.2.5 for Workstations
  http://www.ssh.com/support/downloads/secureshellwks/updates-and-packag es-3-2.html


• SSH Communications Security SSHSecureShellClient-3.2.5.exe
  For non-commercial users.
  ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.5.exe

SSH Communications Security SSH2 3.2.3

• SSH Communications Security Secure Shell 3.2.5 for Servers
  http://www.ssh.com/support/downloads/secureshellserver/updates-and-pac kages-3-2.html


• SSH Communications Security Secure Shell 3.2.5 for Windows Servers
  http://www.ssh.com/support/downloads/secureshellwinserver/updates-and- packages-3-2.html


• SSH Communications Security Secure Shell 3.2.5 for Workstations
  http://www.ssh.com/support/downloads/secureshellwks/updates-and-packag es-3-2.html


• SSH Communications Security SSHSecureShellClient-3.2.5.exe
  For non-commercial users.
  ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.5.exe

SSH Communications Security SSH2 3.2.4

• SSH Communications Security Secure Shell 3.2.5 for Servers
  http://www.ssh.com/support/downloads/secureshellserver/updates-and-pac kages-3-2.html


• SSH Communications Security Secure Shell 3.2.5 for Windows Servers
  http://www.ssh.com/support/downloads/secureshellwinserver/updates-and- packages-3-2.html


• SSH Communications Security Secure Shell 3.2.5 for Workstations
  http://www.ssh.com/support/downloads/secureshellwks/updates-and-packag es-3-2.html


• SSH Communications Security SSHSecureShellClient-3.2.5.exe
  For non-commercial users.
  ftp://ftp.ssh.com/pub/ssh/SSHSecureShellClient-3.2.5.exe