| VID |
14023 |
| Severity |
40 |
| Port |
22 |
| Protocol |
TCP |
| Class |
Ssh |
| Detailed Description |
The version of the SSH server is older than (or as old as) version 1.2.23. The SSH server, according to its version number, allows an attacker to insert encrypted blocks in the stream that will decrypt to arbitrary commands to be executed on the ssh server, aka the "SSH insertion attack". SSH (Secure Shell) is a client-server program for authentication and encryption of network communications.
Affected versions, when used in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet. SSH versions 1.2.23 and earlier have this vulnerability, as do F-Secure versions 1.3.4 and earlier. If you are not sure which version you are running, type 'ssh -V' on the system, and it will tell you which version is installed.
* References:
http://www.corest.com/pressroom/advisories_desplegado.php?idxsection=10&idx=131#
http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525878&w=2 |
| Recommendation |
Upgrade ssh to version 1.2.25 or higher from SSH ftp site, ftp://ftp.ssh.com/pub/ssh/, or to F-Secure version 1.3.5 or higher from F-Secure download web site, http://www.f-secure.com/download-purchase/. F-Secure users with a support contract can obtain an upgrade from their local retailer. |
| Related URL |
CVE-1999-1085 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
