Denial of Service and Remote Code Execution Vulnerability in SSH2 Implementations
CVE-2002-1357
Currently unrated
Summary
The vulnerability affects multiple SSH2 protocol implementations that fail to correctly handle packets with improper length designators. Remote attackers can exploit the flaw to disrupt service, resulting in a denial of service condition. In extreme cases, it could also enable attackers to execute arbitrary code on vulnerable systems, presenting significant security risks. Tools like the SSHredder SSH protocol test suite have demonstrated the impact of this vulnerability, highlighting the urgency of addressing these weaknesses across affected platforms.
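The defensive counterpart of this bug class, as an added example (not code from this advisory or from any affected implementation): a parser that checks every declared length against the bytes actually received before using it. It assumes the SSH2 wire encoding of a string as a big-endian uint32 length followed by that many bytes; the two-field message layout, the function names and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Cursor over one received payload; reads never go past the end. */
struct rd { const uint8_t *p; size_t left; };

/* Read a big-endian uint32. Returns 0 on success, -1 if truncated. */
static int rd_u32(struct rd *r, uint32_t *out) {
    if (r->left < 4) return -1;
    *out = ((uint32_t)r->p[0] << 24) | ((uint32_t)r->p[1] << 16) |
           ((uint32_t)r->p[2] << 8)  |  (uint32_t)r->p[3];
    r->p += 4; r->left -= 4;
    return 0;
}

/* Read a length-prefixed string. The declared length is compared with the
 * bytes remaining before the cursor moves, so a length field that claims
 * more data than was received is rejected instead of being trusted. */
static int rd_string(struct rd *r, const uint8_t **data, uint32_t *len) {
    struct rd save = *r;
    if (rd_u32(r, len) != 0) return -1;
    if (*len > r->left) { *r = save; return -1; }
    *data = r->p;
    r->p += *len; r->left -= *len;
    return 0;
}

/* Parse a hypothetical (name, value) message and copy the name into a
 * fixed-size buffer. Returns 0 on success, -1 on any malformed length. */
int parse_msg(const uint8_t *buf, size_t n, char *name, size_t name_cap) {
    struct rd r = { buf, n };
    const uint8_t *s, *v;
    uint32_t sl, vl;
    if (rd_string(&r, &s, &sl) != 0) return -1;
    if (sl >= name_cap) return -1;   /* would not fit with the terminator */
    if (rd_string(&r, &v, &vl) != 0) return -1;
    (void)v; (void)vl;               /* value is validated but unused here */
    if (r.left != 0) return -1;      /* unexpected trailing bytes */
    memcpy(name, s, sl);
    name[sl] = '\0';
    return 0;
}

/* Constructed sample inputs. */
const uint8_t GOOD[]     = {0,0,0,3,'a','b','c', 0,0,0,1,'x'};
const uint8_t OVERLONG[] = {0xff,0xff,0xff,0xff,'a','b','c'};
const uint8_t SHORTVAL[] = {0,0,0,3,'a','b','c', 0,0,0,9,'x'};
```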
EPSS Score
15% chance of being exploited in the next 30 days.