SSH CRC-32 Compensation Attack Remote Overflow
Critical Nessus Plugin ID 10607
Synopsis
It is possible to execute arbitrary code on the remote host.
Description
The remote host is running a version of SSH that is older than version 1.2.32, or a version of OpenSSH that is older than 2.3.0.
The remote version of this software is vulnerable to a flaw known as a 'CRC-32 compensation attack' that could allow an attacker to gain a root shell on this host.
Solution
Upgrade to version 1.2.32 of SSH, which solves this problem, or to version 2.3.0 of OpenSSH.
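
The version condition from the description, written as a banner check for inventory triage. This is an added example, not the Nessus plugin's own code. It assumes that a bare numeric software field in the identification string means the original SSH and that an `OpenSSH_` prefix means OpenSSH; the sample banners are constructed.

```python
import re

# Fixed versions as stated in the Solution text above.
SSH_FIXED = (1, 2, 32)
OPENSSH_FIXED = (2, 3, 0)

# Identification string layout: SSH-<protoversion>-<softwareversion> [comments]
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")


def numeric_prefix(text):
    """Leading dotted version as a 3-tuple, e.g. '2.2.0p1' -> (2, 2, 0)."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(0).split("."))
    return parts + (0,) * (3 - len(parts))  # pad '2.3' to (2, 3, 0)


def classify(banner):
    """Return 'vulnerable', 'not-vulnerable' or 'unknown' for one banner."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return "unknown"
    software = m.group(2)
    if software.startswith("OpenSSH_"):
        version, fixed = numeric_prefix(software[len("OpenSSH_"):]), OPENSSH_FIXED
    elif software[0].isdigit():
        # Assumption: a bare numeric software field is the original SSH.
        version, fixed = numeric_prefix(software), SSH_FIXED
    else:
        return "unknown"  # other implementations are outside this advisory
    if version is None:
        return "unknown"
    return "vulnerable" if version < fixed else "not-vulnerable"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "SSH-1.5-1.2.27",
        "SSH-1.99-OpenSSH_2.2.0p1",
        "SSH-2.0-OpenSSH_2.3.0",
        "SSH-2.0-dropbear_2020.81",
    ]
    for s in samples:
        print(f"{s:28} {classify(s)}")
```

A banner only reports the advertised version, so a "vulnerable" result should be confirmed against the installed package, since a vendor build may carry a backported fix.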