Cisco Security Advisory: SSH Malformed Packet Vulnerabilities

["Fergie (Paul Ferguson)" <fergdawg () netzero net>]

More fun!

Via the Cisco website.

[snip]

Certain Cisco products containing support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) 
if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload 
of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in 
Cisco IOS® is disabled by default.

Cisco will be making free software available to correct the problem as soon as possible.

The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The 
Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml

[snip]

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.