SSH2 Protocol Vulnerability in Multiple Vendors' Implementations
CVE-2002-1360

Currently unrated

Key Information:

Vendor: Cisco
CVE Published: 23 December 2002

Summary

Several SSH2 implementations fail to properly handle strings that contain null characters when the string's length is specified explicitly. Remote attackers can exploit this to cause a denial of service or even execute arbitrary code. The vulnerability stems from improper use of null-terminated strings, which is particularly common in programming languages like C. The issue has been demonstrated using the SSHredder SSH protocol test suite.
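The mismatch described in the summary, and one way to guard against it when a length-prefixed field is going to be used as a C string. This is an added example, not code from any affected vendor; the function name, result codes and sample packets are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative result codes (not from any SSH implementation). */
enum { SSH_OK = 0, SSH_TRUNCATED = -1, SSH_TOO_LONG = -2, SSH_EMBEDDED_NUL = -3 };

/* Constructed sample fields: 4-byte big-endian length, then the bytes. */
static const uint8_t SAMPLE_OK[]    = {0, 0, 0, 4, 'n', 'o', 'n', 'e'};
static const uint8_t SAMPLE_NUL[]   = {0, 0, 0, 9, 'n', 'o', 'n', 'e', 0, 'z', 'l', 'i', 'b'};
static const uint8_t SAMPLE_SHORT[] = {0, 0, 1, 0, 'a', 'b'};   /* claims 256 bytes, carries 2 */

/* Read one length-prefixed field that the caller will treat as text.
 * Copies it into out as a C string only when the declared length fits the
 * input and the output buffer, and the payload holds no NUL byte, so that
 * strlen(out) always equals the declared length. Binary fields (keys,
 * signatures) may contain NUL and need a (pointer, length) API instead. */
int ssh_get_cstring(const uint8_t *buf, size_t buflen, size_t *off,
                    char *out, size_t outcap)
{
    if (*off > buflen || buflen - *off < 4)
        return SSH_TRUNCATED;                   /* no room for the length field */
    const uint8_t *p = buf + *off;
    uint32_t len = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                   ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    if (len > buflen - *off - 4)
        return SSH_TRUNCATED;                   /* declared length exceeds input */
    if (outcap == 0 || len > outcap - 1)
        return SSH_TOO_LONG;                    /* would overflow the destination */
    if (memchr(p + 4, 0, len) != NULL)
        return SSH_EMBEDDED_NUL;                /* C view and wire view would differ */
    memcpy(out, p + 4, len);
    out[len] = '\0';
    *off += 4 + (size_t)len;
    return SSH_OK;
}

int main(void)
{
    char name[16];
    size_t off = 0;
    /* The mismatch itself: 9 bytes on the wire, 4 as seen by strlen(). */
    printf("declared=9 strlen=%zu\n", strlen((const char *)SAMPLE_NUL + 4));
    printf("ok=%d\n",    ssh_get_cstring(SAMPLE_OK, sizeof SAMPLE_OK, &off, name, sizeof name));
    off = 0;
    printf("nul=%d\n",   ssh_get_cstring(SAMPLE_NUL, sizeof SAMPLE_NUL, &off, name, sizeof name));
    off = 0;
    printf("short=%d\n", ssh_get_cstring(SAMPLE_SHORT, sizeof SAMPLE_SHORT, &off, name, sizeof name));
    return 0;
}
```

The offset is advanced only on success, so a rejected field leaves the parser state unchanged and the caller can drop the packet.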

Timeline

  • Vulnerability published

  • Vulnerability Reserved
