funsec mailing list archives
Cisco Security Advisory: SSH Malformed Packet Vulnerabilities
From: "Fergie (Paul Ferguson)" <fergdawg () netzero net>
Date: Wed, 12 Oct 2005 19:06:42 GMT
More fun! Via the Cisco website. [snip] Certain Cisco products containing support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOSĀ® is disabled by default. Cisco will be making free software available to correct the problem as soon as possible. The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability. This advisory is available at http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml [snip] - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Cisco Security Advisory: SSH Malformed Packet Vulnerabilities Fergie (Paul Ferguson) (Oct 12)
- Re: Cisco Security Advisory: SSH Malformed Packet Dr. Neal Krawetz (Oct 12)