Intrusion Prevention

SSH.CRC32.Compensation.Attack

Description

This signature indicates an overflow vulnerability in a Secure Shell (SSH) implementation.

SSH is used to connect to remote systems over encrypted TCP sessions. Due to a flaw in the CRC32 compensation attack detection code, an attacker can execute arbitrary commands on a target by sending a specially crafted packet to the SSH daemon.

Affected Products

The following systems are vulnerable to the attack:

OpenSSH prior to version 2.2
SSH Secure Communications prior to 1.2.31
Cisco IOS 12.1, 12.2

Impact

Attackers gain root privileges on the victim system and can execute arbitrary commands.

Recommended Actions

Upgrade the system to the latest non-vulnerable version.
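
To find hosts that still need the upgrade, the identification strings collected from an SSH inventory can be compared against the affected versions listed above. The following is an added example, not part of the original advisory or any vendor tool; the sample banners are constructed, and the banner shapes assumed for the SSH 1.2.x product (a bare dotted version) and for Cisco devices (no IOS release in the banner) are assumptions.

```python
import re

# Thresholds taken from the "Affected Products" list on this page.
OPENSSH_FIXED = (2, 2)     # "OpenSSH prior to version 2.2"
SSH1_FIXED = (1, 2, 31)    # "SSH Secure Communications prior to 1.2.31"

def _ver(text):
    """Turn '2.1.1' into (2, 1, 1) so versions compare numerically."""
    return tuple(int(p) for p in text.split("."))

def classify(banner):
    """Classify one identification string: 'SSH-<proto>-<software> [comment]'."""
    parts = banner.strip().split("-", 2)
    if len(parts) != 3 or parts[0] != "SSH" or not parts[2]:
        return "not-ssh"
    software = parts[2].split(" ", 1)[0]   # drop the optional comment field

    m = re.match(r"OpenSSH_(\d+(?:\.\d+)*)", software)
    if m:
        return "affected" if _ver(m.group(1)) < OPENSSH_FIXED else "not-listed"

    # Assumption: the SSH 1.2.x product reports a bare version such as '1.2.27'.
    if re.fullmatch(r"\d+\.\d+\.\d+", software):
        return "affected" if _ver(software) < SSH1_FIXED else "not-listed"

    # Assumption: Cisco banners do not carry the IOS release, so 12.1/12.2
    # cannot be decided from the banner and needs a check on the device.
    if software.startswith("Cisco"):
        return "check-manually"
    return "not-listed"

def audit(inventory):
    """Map each host to its verdict."""
    return {host: classify(banner) for host, banner in inventory.items()}

# Constructed sample inventory (documentation addresses, made-up banners).
SAMPLE = {
    "192.0.2.10": "SSH-1.99-OpenSSH_2.1.1",
    "192.0.2.11": "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
    "192.0.2.12": "SSH-1.5-1.2.27",
    "192.0.2.13": "SSH-1.5-Cisco-1.25",
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(f"{host:12} {verdict:15} {SAMPLE[host]}")
```

A "not-listed" verdict only means the banner does not match this page's affected list; banners can be altered or backported, so confirm against the installed package version.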

CVE References

CVE-2001-0144