CVE-2002-1360

Currently unrated

Key Information:

Vendor: Cisco
Status: Ios; Ssh Client; Securenetterm; Shellguard Ssh
Vendor: CVE Published:; 23 December 2002

Summary

Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.

References

http://securitytracker.com/id?1005812

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.cert.org/advisories/CA-2002-36.html

third-party-advisoryx_refsource_CERT

Timeline

Vulnerability published
Dec 23, 2002
Vulnerability Reserved
Dec 14, 2002