Multiple Vendor SSH2 Implementation Incorrect Field Length Vulnerabilities

A vulnerability with incorrect lengths of fields in SSH packets has been reported for multiple products that use SSH2 for secure communications.

The vulnerability has been reported to affect initialization, key exchange, and negotiation phases of SSH communications. An attacker may exploit the vulnerability to perform denial-of-service attacks against vulnerable systems and possibly to execute malicious, attacker-supplied code.

Further details about the vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in Bugtraq ID 6397.


Privacy Statement
Copyright 2010, SecurityFocus