SSH Malformed Packet Vulnerabilities - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Certain Cisco products containing support for the Secure Shell (SSH)
server are vulnerable to a Denial of Service (DoS) if the SSH server is
enabled on the device. A malformed SSH packet directed at the affected
device can cause a reload of the device. No authentication is necessary
for the packet to be received by the affected device. The SSH server in
Cisco IOS is disabled by default.

Cisco will be making free software available to correct the problem as
soon as possible.

The malformed packets can be generated using the SSHredder test suite
from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not
aware of any malicious exploitation of this vulnerability.

See also :

http://www.rapid7.com/security-center/advisories/R7-0009.jsp
http://www.nessus.org/u?aed52b80
http://www.nessus.org/u?212f29f0

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20021219-ssh-packet

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 48968 (cisco-sa-20021219-ssh-packethttp.nasl)

Bugtraq ID: 6405
6407
6408
6410

CVE ID: CVE-2002-1357
CVE-2002-1358
CVE-2002-1359
CVE-2002-1360