Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

SSH < 1.2.25 CBC/CFB Data Stream Injection

Medium

Synopsis

The remote host is vulnerable to an flaw that allows attackers to execute arbitrary commands.

Description

The remote host is running a version of SSH which is older than (or as old as) 1.2.23. This version is vulnerable to a known plaintext attack that may allow an attacker to insert encrypted packets in the client - server stream that will be deciphered by the server, thus allowing an attacker to execute arbitrary commands on the remote server.

Solution

Upgrade to SSH-1.2.25 or higher.