SSH Malformed Packet Vulnerabilities - Cisco Systems
Critical Nessus Plugin ID 48968
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionCertain Cisco products containing support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS is disabled by default.
Cisco will be making free software available to correct the problem as soon as possible.
The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.
SolutionApply the relevant patch referenced in Cisco Security Advisory cisco-sa-20021219-ssh-packet