Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1359

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2002-1359
Last Modified 04 Mar 2009 12:14:08
Published 23 Dec 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1359

Summary

Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.

Vulnerable Systems

Operating System

  • Cisco Ios 12.0s

  • Cisco Ios 12.0st

  • Cisco Ios 12.1e

  • Cisco Ios 12.1ea

  • Cisco Ios 12.1t

  • Cisco Ios 12.2

  • Cisco Ios 12.2s

  • Cisco Ios 12.2t

Application

  • Fissh Ssh Client 1.0a For Windows

  • Intersoft Securenetterm 5.4.1

  • Netcomposite Shellguard Ssh 3.4.6

  • Pragma Systems Secureshell 2.0

  • Putty 0.48

  • Putty 0.49

  • Putty 0.53

  • Winscp 2.0.0


References

CERT - CA-2002-36

XF - ssh-transport-multiple-bo(10870)

BID - 6407

SECTRACK - 1005813

SECTRACK - 1005812

VULNWATCH - 20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors


Last Updated: 27 May 2016 10:37:18