Vulnerability: SSH protocol version 1 CRC-32 compensation attack detector

This vulnerability is caused by an integer overflow in the detect_attack() function in deattack.c that lets an attacker overwrite arbitrary parts of memory. The altered memory may affect code that the daemon executes with uid 0, and executing that code can give root access to the system.

Vulnerable versions include non-commercial Secure Shell versions 1.2.24 through 1.2.31. To fix the problem, SSH recommends upgrading to SSH Secure Shell 3.0.1 through http://commerce.ssh.com/. (An optional upgrade to Secure Shell 1.2.32 is also available for non-commercial users through ftp://ftp.ssh.com/.)
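
An added illustration of the integer-overflow class described above (not the SSH source and not code from this article): a table size computed in 32 bits but stored in a 16-bit variable, next to a length-checked form. The function names, constants, sample length and length cap are assumptions chosen for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

#define BLOCK_SIZE 8u     /* assumed cipher block size, bytes */
#define TABLE_MIN  4096u  /* assumed minimum table size, entries */

/* Entries wanted for a len-byte packet: grow the table by 4x until it
 * holds at least 1.5 entries per block. Always a power of two. */
static uint32_t wanted_entries(uint32_t len)
{
    uint32_t need = (len / BLOCK_SIZE) * 3u / 2u;
    uint32_t l = TABLE_MIN;
    while (l < need)
        l <<= 2;
    return l;
}

/* Flawed pattern: the 32-bit result is narrowed into a 16-bit size. */
static uint16_t entries_truncated(uint32_t len)
{
    return (uint16_t)wanted_entries(len);  /* 65536 wraps to 0 */
}

/* Mask used to pick a slot in a power-of-two table of n entries. */
static uint32_t slot_mask(uint16_t n)
{
    return (uint32_t)n - 1u;  /* n == 0 gives 0xFFFFFFFF: no bound at all */
}

/* Hardened pattern: validate the length first, keep the size in 32 bits. */
static int entries_checked(uint32_t len, uint32_t max_len, uint32_t *out)
{
    if (len == 0 || len % BLOCK_SIZE != 0 || len > max_len)
        return -1;
    *out = wanted_entries(len);
    return 0;
}

int main(void)
{
    uint32_t len = 87392, n32 = 0;  /* constructed packet length */
    uint16_t n16 = entries_truncated(len);
    printf("wanted=%u stored=%u mask=0x%08x\n", (unsigned)wanted_entries(len),
           (unsigned)n16, (unsigned)slot_mask(n16));
    printf("checked, cap 32768: %d\n", entries_checked(len, 32768u, &n32));
    return 0;
}
```

The narrowed size reaches zero while the slot mask stops bounding anything, which is why the fix for this class of bug is to validate the length and keep the size in a type wide enough to hold it.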
