Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1085

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-1999-1085
Last Modified 05 Sep 2008 04:18:41
Published 12 Jun 1998 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-1999-1085

Summary

SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack."

Vulnerable Systems

Application

  • Ssh Secure Shell 1.2.23

  • Ssh Secure Shell 1.2.25


References

CERT-VN - VU#13877

BUGTRAQ - 19980703 UPDATE: SSH insertion attack

BUGTRAQ - 19980612 CORE-SDI-04: SSH insertion attack

XF - ssh-insert(1126)


Last Updated: 27 May 2016 10:35:16