Multiple vendors' SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization

Overview

Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. A remote attacker could execute arbitrary code with the privileges of the SSH process or cause a denial of service.

Description

From the IETF draft SSH Transport Layer Protocol:

SSH is a protocol for secure remote login and other secure network services over an insecure network.

This document describes the SSH transport layer protocol which typically runs on top of TCP/IP. The protocol can be used as a basis for a number of secure network services. It provides strong encryption, server authentication, and integrity protection. It may also provide compression.

Key exchange method, public key algorithm, symmetric encryption algorithm, message authentication algorithm, and hash algorithm are all negotiated.
Rapid7 has developed a suite of test cases (SSHredder) that examine the connection initialization, key exchange, and negotiation phase (KEX, KEXINIT) of the SSH transport layer protocol. The suite tests the way an SSH transport layer implementation handles invalid or incorrect packet and string lengths, padding and padding length, malformed strings, and invalid algorithms.

The test suite has demonstrated a number of vulnerabilities in different vendors’ SSH products. These vulnerabilities include buffer overflows, and they occur before user authentication takes place. Common Vulnerabilities and Exposures (CVE) has assigned the following candidate numbers for several classes of tests performed by SSHredder:

CAN-2002-1357: incorrect length fields, i.e. specified length field does not match the actual length of the input

CAN-2002-1358: lists with empty elements or multiple separators

CAN-2002-1359: “classic” buffer overflows (length field, if present, is consistent with the actual length of buffer)

CAN-2002-1360: null characters in strings (which trigger conflicts between delimiter-based and length-based strings)
Rapid7 has posted an advisory (R7-0009) and the SSHredder test suite.

---

Impact

The impact will vary for different vulnerabilities, but in some cases remote attackers could execute arbitrary code with the privileges of the SSH process. Both SSH servers and clients are affected. On Windows systems, SSH servers commonly run with SYSTEM privileges. SSH daemons on UNIX systems typically run with root privileges. In the case of SSH clients, any attacker-supplied code would run with the privileges of the user who started the client program. Additional privileges may be afforded to an attacker when the SSH client is configured to run with an effective user ID (setuid/setgid) of root. Attackers could also crash a vulnerable SSH process, causing a denial of service.
While OpenSSH does not appear to be affected, it is worth noting that privilege separation would greatly reduce the impact of arbitrary code execution during the KEXINIT phase.

---

Solution

Upgrade or Apply Patch

Upgrade or apply a patch as specified by your vendor.

---

Restrict Access

Until patches or upgrades are available, it may be possible to limit access to vulnerable SSH clients and servers using the built-in facilities of some SSH implementations, firewalls, packet-filters, TCP Wrappers, or other similar technology. Note that this workaround will not prevent exploitation of these vulnerabilities, it will only limit the number of potential sources of attacks.

Do Not Trust DNS

SSH clients can reduce the risk of attacks by only connecting to trusted servers by IP address. Again, this will not prevent attacks, but it will remove the ability of an attacker to redirect a client using DNS cache poisoning or by compromising a DNS server.

---

Vendor Information

389665

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Alcatel __ Affected

Notified: December 06, 2002 Updated: May 05, 2003

Status

Affected

Vendor Statement

Following CERT advisory CA-2002-36 on security vulnerabilities in the SSH implementations, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. A first analysis showed that various Alcatel products were affected: namely the 6600, 7000 and 8000 OmniSwitches running AOS 5.1.3 and for which corrections had been made available to customers. This issue has now been fixed both in a AOS 5.1.3 maintenance release and in AOS 5.1.4. The security of our customers’ networks is of highest priority for Alcatel. Therefore we continue to test our product portfolio against potential SSH security vulnerabilities and will provide updates if necessary.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Cisco Systems Inc. __ Affected

Notified: October 19, 2002 Updated: December 20, 2002

Status

Affected

Vendor Statement

Cisco Systems has several products that are vulnerable to the attacks posed by the SSHredder test suite. Complete details are available at <http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml&gt;.

Based on initial testing and evaluation of this vulnerability, earlier versions of this advisory listed Cisco Systems as “Not Vulnerable.” Upon additional internal testing it was determined that some Cisco products were indeed vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

F-Secure __ Affected

Notified: October 19, 2002 Updated: December 02, 2002

Status

Affected

Vendor Statement

F-Secure SSH products are not exploitable via these attacks. While F-Secure SSH versions 3.1.0 build 11 and earlier crash on these malicious packets, we did not find ways to exploit this to gain unauthorized access or to run arbitrary code. Furthermore, the crash occurs in a forked process so the denial of service attacks are not possible.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Hewlett-Packard Company __ Affected

Notified: November 26, 2002 Updated: December 23, 2002

Status

Affected

Vendor Statement

SOURCE: Hewlett-Packard Company

HP Tru64 UNIX V5.1a or HP OpenVMS systems using SSH V2.4.1 should upgrade to SSH V3.2.

HP has investigated this report and find that our implementations within HP-UX are not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Intersoft International Inc. __ Affected

Notified: November 09, 2002 Updated: January 07, 2003

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

SecureNetTerm 5.4.2 addresses vulnerabilities discoverd by the Rapid7 test suite:

<http://www.securenetterm.com/html/what_s_new.html&gt;

<http://www.securenetterm.com/html/downloads.html&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Juniper Networks __ Affected

Notified: October 19, 2002 Updated: January 09, 2003

Status

Affected

Vendor Statement

Juniper Networks has determined that the software on the ERX router platforms is susceptible to this vulnerability. Patches for all supported releases are now available to resolve the vulnerability. Customers should contact the Juniper Networks Technical Assistance Center to obtain the latest patch.

Initial testing of the JUNOS software on Juniper’s M-, T-, and J-series routers has not revealed any susceptibility to this vulnerability. Juniper will continue testing, and if any problems are found, corrective action will be taken.

The Juniper G-series Cable Modem Termination Systems are not susceptible to this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Nortel Networks __ Affected

Notified: November 27, 2002 Updated: January 20, 2003

Status

Affected

Vendor Statement

The following Nortel Networks products are being assessed to determine whether they are potentially affected by the vulnerabilities identified in CERT Advisory CA-2002-36: Shasta Broadband Service Node and Shasta Service Creation System.

Passport 8000 Series Software is potentially affected; this issue will be addressed in the next maintenance releases
3.3.2.0, for version 3.3, scheduled for availability January 24th, 2003.
3.2.4, for version 3.2, scheduled for availability in Mid March 2003 (target)
Releases before 3.2.1 are not affected.
A product bulletin will be issued shortly.

STORM is potentially affected; a product bulletin will be issued shortly and this issue will be addressed in the next Maintenance Release scheduled for availability in March, 2003.

Other Nortel Networks products implementing SSH are not affected by the vulnerabilities identified in CERT Advisory CA-2002-36.

For more information please contact Nortel at:

North America: 1-8004NORTEL or 1-800-466-7835
Europe, Middle East and Africa: 00800 8008 9009, or +44 (0) 870 907 9009
Contacts for other regions are available at <<http://www.nortelnetworks.com/help/contact/global/&gt;&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Pragma Systems __ Affected

Notified: November 13, 2002 Updated: December 02, 2002

Status

Affected

Vendor Statement

December 16, 2002

Rapid 7 and CERT Coordination Center Vulnerability report VU#389665

Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a possible vulnerability with Version 2.0 of Pragma SecureShell. Pragma Systems tested Pragma SecureShell 2.0 and the upcoming new Version 3.0, and found that the attacks did cause a memory access protection fault on Microsoft platforms.

After research, Pragma Systems corrected the problem. The correction of the problem leads us to believe that any attack would not cause a Denial of Service, or the ability of random code to run on the server.

The problem is corrected in Pragma SecureShell Version 3.0. Any customers with concerns regarding this vulnerability report should contact Pragma Systems, Inc at [email protected] for information on obtaining an upgrade free of charge. Pragma’s web site is located at www.pragmasys.com and the company can be reached at 1-512-219-7270.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

PuTTY __ Affected

Notified: November 06, 2002 Updated: January 20, 2003

Status

Affected

Vendor Statement

PuTTY versions 0.53 and earlier are vulnerable to a buffer overrun discovered by SSHredder. Version 0.53b fixes this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

PuTTY acknowledged the existence of this vulnerability on 2002-11-07. See also:

<http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Riverstone Networks __ Affected

Notified: December 23, 2002 Updated: January 02, 2003

Status

Affected

Vendor Statement

Riverstone’s implemention of SSH is based on OpenSSH, which is not vulnerable to any of the particular tests that are run by the SSHredder test suite. However, while running the test suite under certain conditions the router can experience a problem causing it to reload.

For more details, please see <http://www.riverstonenet.com/support/support_security.shtml&gt; and the security advisory at <http://www.riverstonenet.com/support/tb0239-9.shtml&gt;.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

SSH Communications Security __ Affected

Notified: October 19, 2002 Updated: December 17, 2002

Status

Affected

Vendor Statement

With SSH Secure Shell the worst case effect of the vulnerability is a denial of service (DoS) for a single child-server (connection). This cannot be exploited to gain access to the host and this does not affect the parent server in any wa nor does it hinder the server’s ability to receive new connections - it only affects the child server that is handling connections to the malicious client, or a client application that is connecting to a malicious server. No arbitrary code can be executed.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The SSH Communications Security implementation of the SSH transport layer protocol appears to be vulnerable to a null-pointer dereference, which can cause a client or child server process to crash. Existing connections and the ability to make new connections to the server are not affected. The client application terminates. The impact of this vulnerability seems to be limited to denial of service.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

WinSCP __ Affected

Notified: December 17, 2002 Updated: January 20, 2003

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Based on information from Rapid7 and Martin Prikryl, WinSCP 2.0 beta build 110 is vulnerable.

WinSCP appears to be based on PuTTY, and WinSCP 2.1 beta build 119 addresses a vulnerability discovered with SSHredder:

<http://winscp.vse.cz/eng/history.php#2.1.0.119&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

AppGate Network Security AB __ Not Affected

Updated: May 05, 2003

Status

Not Affected

Vendor Statement

AppGate builds on OpenSSH and is not vulnerable to this.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Apple Computer Inc. __ Not Affected

Notified: December 06, 2002 Updated: December 20, 2002

Status

Not Affected

Vendor Statement

Apple: Mac OS X and Mac OS X Server do not contain the vulnerabilities described in this report.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Cray Inc. __ Not Affected

Notified: November 27, 2002 Updated: November 27, 2002

Status

Not Affected

Vendor Statement

Cray Inc. supports the OpenSSH product through their Cray Open Software (COS) package. COS 3.3, available the end of December 2002, is not vulnerable. If a site is concerned, they can contact their local Cray representive to obtain an early copy of the OpenSSH contained in COS 3.3.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

According to information on the CrayDoc web site, Cray Open Software 3.2 includes OpenSSH 3.4p1:

<http://www.cray.com/craydoc/manuals/S-2350-32/html-S-2350-32/zfixedegeqfbpi.html#Z1014921192FXB&gt;

For information about OpenSSH please see the OpenSSH vendor record.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Fujitsu __ Not Affected

Notified: November 27, 2002 Updated: December 02, 2002

Status

Not Affected

Vendor Statement

Fujitsu’s UXP/V OS is not vulnerable because it does not support SSH.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

IBM __ Not Affected

Notified: November 27, 2002 Updated: December 16, 2002

Status

Not Affected

Vendor Statement

IBM’s AIX is not vulnerable to the issues discussed in CERT Vulnerability Note VU#389665.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

MacSSH __ Not Affected

Notified: December 09, 2002 Updated: December 17, 2002

Status

Not Affected

Vendor Statement

I finally managed to find some time to run the test suite, and found no problem in MacSSH version 2.1fc3 (the last release available).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

MacSSH is based in part on lsh, which is also not vulnerable.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

NetScreen __ Not Affected

Notified: December 09, 2002 Updated: December 16, 2002

Status

Not Affected

Vendor Statement

Tested latest versions. Not Vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

OpenSSH __ Not Affected

Notified: October 19, 2002 Updated: December 13, 2002

Status

Not Affected

Vendor Statement

From my testing it seems that the current version of OpenSSH (3.5) is not vulnerable to these problems, and some limited testing shows that no version of OpenSSH is vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

VanDyke Software Inc. __ Not Affected

Notified: November 27, 2002 Updated: December 18, 2002

Status

Not Affected

Vendor Statement

From our testing it seems that the current versions of VanDyke’s Secure Shell implementations are not vulnerable to these problems, and some limited testing shows that no prior VanDyke Secure Shell implementations are vulnerable.

Official Releases Tested:

Server:

> VShell 2.1.1 October 15, 2002

Clients:

> SecureCRT 4.0.2 December 3, 2002
SecureFX 2.1.1 November 7, 2002
Entunnel 1.0.1 October 15, 2002

Older Releases Tested:

Servers:

> VShell 2.0.3 May 28, 2002
VShell 1.2.4 May 28, 2002

Clients:

> SecureCRT 3.4.7 November 7, 2002

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Xerox Corporation __ Not Affected

Updated: February 25, 2003

Status

Not Affected

Vendor Statement

A response to this advisory is available from our web site:

http://www.xerox.com/security.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

cryptlib __ Not Affected

Updated: March 11, 2003

Status

Not Affected

Vendor Statement

From testing against the SSHredder data the invalid packets are being caught and rejected by cryptlib’s packet validity-checking code, making it not vulnerable to the problem.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The cryptlib SSH implementation is reported to be not vulnerable:

<http://www.cs.auckland.ac.nz/~pgut001/cryptlib/index.html&gt;

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

lsh __ Not Affected

Notified: December 09, 2002 Updated: December 13, 2002

Status

Not Affected

Vendor Statement

I’ve now tried the testsuite with the latest stable release of lsh, lsh-1.4.2. Both the client and the server seem NOT VULNERABLE.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

3Com Unknown

Updated: December 20, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Avaya Unknown

Notified: December 06, 2002 Updated: December 20, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Bitvise Unknown

Notified: December 06, 2002 Updated: December 13, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Computer Associates Unknown

Notified: December 06, 2002 Updated: March 20, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

D-Link Systems Unknown

Notified: December 06, 2002 Updated: December 20, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Data General Unknown

Notified: November 27, 2002 Updated: November 27, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Foundry Networks Inc. Unknown

Notified: December 06, 2002 Updated: December 20, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

FreeBSD Unknown

Notified: December 06, 2002 Updated: March 20, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Intel Unknown

Notified: December 06, 2002 Updated: December 20, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Interpeak Unknown

Notified: December 17, 2002 Updated: March 11, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Lucent Technologies Unknown

Notified: December 06, 2002 Updated: December 20, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Massachusetts Institute of Technology (MIT) Unknown

Notified: December 09, 2002 Updated: December 17, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

NEC Corporation Unknown

Notified: November 27, 2002 Updated: November 26, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

NetBSD Unknown

Notified: December 06, 2002 Updated: March 20, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Netcomposite Unknown

Notified: November 25, 2002 Updated: March 11, 2003

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Network Appliance Unknown

Notified: December 06, 2002 Updated: December 20, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Nokia Unknown

Notified: November 11, 2002 Updated: December 03, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Red Hat Inc. Unknown

Notified: December 06, 2002 Updated: December 20, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Redback Networks Inc. Unknown

Notified: December 06, 2002 Updated: December 20, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

SGI Unknown

Notified: November 27, 2002 Updated: November 27, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Sony Corporation Unknown

Notified: November 27, 2002 Updated: November 27, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Sun Microsystems Inc. __ Unknown

Notified: November 25, 2002 Updated: February 17, 2003

Status

Unknown

Vendor Statement

The version of Secure Shell (SSH) shipped with Solaris 9 is not affected by the issues described in CERT VU#389665.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

TTSSH/TeraTerm Unknown

Notified: December 09, 2002 Updated: December 17, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

The SCO Group Unknown

Notified: December 06, 2002 Updated: December 20, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

The SCO Group Unknown

Notified: November 27, 2002 Updated: November 27, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

Unisys Unknown

Notified: November 27, 2002 Updated: November 27, 2002

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23389665 Feedback>).

View all 50 vendors __View less vendors __

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.rapid7.com/advisories/R7-0009.txt&gt;
• <http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666&gt;
• <http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt&gt;
• <http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-13.txt&gt;
• <http://www.citi.umich.edu/u/provos/ssh/privsep.html&gt;

Acknowledgements

The CERT/CC thanks Rapid7 for researching and reporting these vulnerabilities.

This document was written by Art Manion and Shawn V. Hernan.

Other Information

CVE IDs:	CVE-2002-1357
CERT Advisory:	CA-2002-36 Severity Metric: