Intrusion Prevention

SSH.Client.Key.Exchange.Overflow

Description

SSH (Secure Shell) is a client-server program enables a secure communications channel from a client to a server. Multiple vendor SSH2 transport layer protocol implementations are vulnerable to multiple buffer overflows, caused by improper bounds checking of packet sizes and fields. By sending an overly large packet or a packet with an overly long field size during SSH key exchange and initialization, a remote attacker could overflow a buffer in the vulnerable SSH client or server and cause the SSH service to crash or execute arbitrary code on the system with privileges of the SSH process.

Affected Products

WinSCP WinSCP 2.0 .0
Simon Tatham PuTTY 0.53
Simon Tatham PuTTY 0.49
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Simon Tatham PuTTY 0.48
Pragma Systems SecureShell 2.0
NetComposite Shellguard SSH 3.4.6
InterSoft SecureNetTerm 5.4.1
FiSSH SSH Client For Windows 1.0 A
Cisco WebNS 7.10
Cisco WebNS 7.1 0.2.06
+ Cisco CSS11000 Content Services Switch
+ Cisco CSS11050 Content Services Switch
+ Cisco CSS11150 Content Services Switch
+ Cisco CSS11501 Content Services Switch
+ Cisco CSS11503 Content Services Switch
+ Cisco CSS11506 Content Services Switch
+ Cisco CSS11800 Content Services Switch
Cisco WebNS 7.1 0.1.02
+ Cisco CSS11000 Content Services Switch
+ Cisco CSS11050 Content Services Switch
+ Cisco CSS11150 Content Services Switch
+ Cisco CSS11501 Content Services Switch
+ Cisco CSS11503 Content Services Switch
+ Cisco CSS11506 Content Services Switch
+ Cisco CSS11800 Content Services Switch
Cisco WebNS 5.20
Cisco WebNS 5.10
Cisco WebNS 5.1 0.0.10
+ Cisco CSS11000 Content Services Switch
+ Cisco CSS11050 Content Services Switch
+ Cisco CSS11150 Content Services Switch
+ Cisco CSS11501 Content Services Switch
+ Cisco CSS11503 Content Services Switch
+ Cisco CSS11506 Content Services Switch
+ Cisco CSS11800 Content Services Switch
Cisco PIX Firewall 6.2.2 .111
Cisco PIX Firewall 6.2.2
Cisco PIX Firewall 6.2.1
Cisco PIX Firewall 6.2 (2)
Cisco PIX Firewall 6.2 (1)
Cisco PIX Firewall 6.2
Cisco PIX Firewall 6.1.4
Cisco PIX Firewall 6.1.3
Cisco PIX Firewall 6.1 (4)
Cisco PIX Firewall 6.1 (3)
Cisco PIX Firewall 6.1 (2)
Cisco PIX Firewall 6.1 (1)
Cisco PIX Firewall 6.1
Cisco PIX Firewall 6.0.4
Cisco PIX Firewall 6.0.3
Cisco PIX Firewall 6.0 (4)
Cisco PIX Firewall 6.0 (2)
Cisco PIX Firewall 6.0 (1)
Cisco PIX Firewall 6.0
Cisco ONS 15600 1.3 (0)
Cisco ONS 15600 1.1 (1)
Cisco ONS 15600 1.1 (0)
Cisco ONS 15600 1.1
Cisco ONS 15600 1.0
Cisco ONS 15454SDH 4.6 (1)
Cisco ONS 15454SDH 4.6 (0)
Cisco ONS 15454SDH 4.5
Cisco ONS 15454SDH 4.1 (3)
Cisco ONS 15454SDH 4.1 (2)
Cisco ONS 15454SDH 4.1 (1)
Cisco ONS 15454SDH 4.1 (0)
Cisco ONS 15454SDH 4.0 (2)
Cisco ONS 15454SDH 4.0 (1)
Cisco ONS 15454SDH 4.0 (0)
Cisco ONS 15454SDH 4.0
Cisco ONS 15454SDH 3.4
Cisco ONS 15454SDH 3.3
Cisco ONS 15454SDH 3.2
Cisco ONS 15454SDH 3.1
Cisco ONS 15454SDH 2.3 (5)
Cisco ONS 15454E Optical Transport Platform
Cisco ONS 15454 Optical Transport Platform 4.14
Cisco ONS 15454 Optical Transport Platform 4.6 (1)
Cisco ONS 15454 Optical Transport Platform 4.6 (0)
Cisco ONS 15454 Optical Transport Platform 4.5
Cisco ONS 15454 Optical Transport Platform 4.1 (3)
Cisco ONS 15454 Optical Transport Platform 4.1 (2)
Cisco ONS 15454 Optical Transport Platform 4.1 (1)
Cisco ONS 15454 Optical Transport Platform 4.1 (0)
Cisco ONS 15454 Optical Transport Platform 4.1
Cisco ONS 15454 Optical Transport Platform 4.0 (2)
Cisco ONS 15454 Optical Transport Platform 4.0 (1)
Cisco ONS 15454 Optical Transport Platform 4.0
Cisco ONS 15454 Optical Transport Platform 3.4
Cisco ONS 15454 Optical Transport Platform 3.3
Cisco ONS 15454 Optical Transport Platform 3.2 .0
Cisco ONS 15454 Optical Transport Platform 3.1 .0
Cisco ONS 15454 Optical Transport Platform 3.0
Cisco ONS 15454 Optical Transport Platform 2.3 (5)
Cisco ONS 15454 IOS-Based Blades
Cisco ONS 15327 Metro Edge Optical Transport Platform
Cisco ONS 15327 4.14
Cisco ONS 15327 4.6 (1)
Cisco ONS 15327 4.6 (0)
Cisco ONS 15327 4.1 (3)
Cisco ONS 15327 4.1 (2)
Cisco ONS 15327 4.1 (1)
Cisco ONS 15327 4.1 (0)
Cisco ONS 15327 4.0 (2)
Cisco ONS 15327 4.0 (1)
Cisco ONS 15327 4.0
Cisco ONS 15327 3.4
Cisco ONS 15327 3.3
Cisco ONS 15327 3.2
Cisco ONS 15327 3.1
Cisco ONS 15327 3.0
Cisco IOS 12.2 T
Cisco IOS 12.2 S
Cisco IOS 12.2 (1)T
Cisco IOS 12.2 (1)S
Cisco IOS 12.2 (1)
Cisco IOS 12.2
Cisco IOS 12.1 T
Cisco IOS 12.1 EA
Cisco IOS 12.1 E
Cisco IOS 12.1 (5a)E
Cisco IOS 12.1 (1)T
Cisco IOS 12.0 ST
Cisco IOS 12.0 S
Cisco IOS 12.0 (5)S
Cisco IOS 12.0 (16)ST
Cisco Firewall Services Module 2.1 (0.208)
Cisco Aironet Firmware 12.0 1T
Cisco Aironet Firmware 12.0 0T

Impact

Attackers could execute arbitrary code.

Recommended Actions

Upgrade to a non-vulnerable version.
Simon Tatham PuTTY 0.49
Simon Tatham putty0.53b
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Simon Tatham putty0.53b
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
Cisco IOS 12.0 ST
http://www.cisco.com
Pragma Systems SecureShell 2.0
http://www.pragmasys.com/SecureShell/Update/
InterSoft SecureNetTerm 5.4.1
http://www.securenetterm.com/html/beasecurenetterm.html

CVE References

CVE-2002-1359