National Cyber-Alert System
Vulnerability Summary: CVE-2002-1357
Original release date: 2002-12-23
Source: US-CERT/NIST

Overview

    Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.

Impact

    CVSS Severity: 8 (High)
    Range: remote
    Authentication: design
    Impact Type: availability, security protection (other)

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    Shellguard SSH (NetComposite)
    SecureNetTerm (InterSoft)
    IOS (Cisco)
    SSH Client (FiSSH)
    SecureShell (Pragma Systems)
    PuTTY (Simon Tatham)
    WinSCP (WinSCP)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1357