SSH Multiple Remote Vulnerabilities
Medium Nessus Plugin ID 11195
SynopsisIt may be possible to crash the SSH server on the remote host.
DescriptionAccording to its banner, the remote SSH server is affected by one or more of the following vulnerabilities :
- CVE-2002-1357 (incorrect length)
- CVE-2002-1358 (lists with empty elements/empty strings)
- CVE-2002-1359 (large packets and large fields)
- CVE-2002-1360 (string fields with zeros)
The impact of successful exploitation of these vulnerabilities varies across products. In some cases, remote attackers will be able to execute arbitrary code with the privileges of the SSH process (usually root), although for the products currently tested, the maximum impact is believed to be just a denial of service.
SolutionContact the vendor for an update.