Denial of Service Vulnerability in Multiple SSH2 Servers and Clients
CVE-2002-1358

Currently unrated

Key Information:

Vendor: Cisco
Status: Ios; Ssh Client; Securenetterm; Shellguard Ssh
Vendor: CVE Published:; 23 December 2002

Summary

Several SSH2 implementations across multiple vendors fail to correctly manage empty elements or strings within list structures. This oversight could be exploited by remote attackers, potentially leading to a denial of service or allowing the execution of arbitrary code. The vulnerability's existence was notably highlighted by the SSHredder SSH protocol testing suite, which showcases the severity of improper element handling within crucial network protocols.

References

http://securitytracker.com/id?1005812

vdb-entryx_refsource_SECTRACK

http://www.cert.org/advisories/CA-2002-36.html

third-party-advisoryx_refsource_CERT

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

Timeline

Vulnerability published
Dec 23, 2002
Vulnerability Reserved
Dec 14, 2002