CERT Vulnerability Note VU#945216 - SSH CRC32 Attack Detection Code Contains Remote Integer Overflow
A flaw in the SSH1 protocol was discovered that could allow an attacker to create a remote integer overflow condition, leading to a denial of service condition. The error occurs when the attack detection function, while checking for a CRC32 attack, receives a crafted SSH1 packet that causes a hash table with a size of zero to be created, which can then be manipulated to execute arbitrary code. This could allow execution of privileged commands and lead to a denial of service condition.
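The zero-size table described above, as a simplified C model added here (not code from the SSH source, CERT or Foundry): a table size computed in 32 bits but stored in a 16-bit variable wraps to zero, shown beside a checked version. The function names, constants and sample lengths are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative constants for this example (assumptions, not vendor values). */
#define BLOCK_SIZE  8u              /* cipher block size in bytes */
#define MIN_ENTRIES 4096u           /* smallest hash table, in entries */
#define MAX_PACKET  (256u * 1024u)  /* length limit used by the checked version */

/* Entries wanted for a packet of len bytes: grow the table by a factor of
 * four until it holds 1.5x the number of cipher blocks. */
static uint32_t wanted_entries(uint32_t len)
{
    uint32_t l = MIN_ENTRIES;
    while (l < (len / BLOCK_SIZE) * 3u / 2u)
        l <<= 2;
    return l;
}

/* Flawed pattern: the 32-bit result is stored in a 16-bit size variable.
 * 65536 truncates to 0, so the caller allocates a zero-size table and
 * later indexes it as if it were large. */
uint16_t table_entries_flawed(uint32_t len)
{
    return (uint16_t)wanted_entries(len);
}

/* Checked pattern: validate the packet length first and keep the size in a
 * type wide enough for the largest result.
 * Returns 0 on success, -1 if the packet must be dropped. */
int table_entries_checked(uint32_t len, uint32_t *entries)
{
    if (len == 0 || len > MAX_PACKET || len % BLOCK_SIZE != 0)
        return -1;
    *entries = wanted_entries(len);
    return 0;
}

int main(void)
{
    const uint32_t lens[] = { 1024u, 64u * 1024u, 96u * 1024u }; /* constructed */
    for (size_t i = 0; i < 3; i++) {
        uint32_t safe = 0;
        int rc = table_entries_checked(lens[i], &safe);
        printf("len=%u flawed=%u checked=%u rc=%d\n", (unsigned)lens[i],
               (unsigned)table_entries_flawed(lens[i]), (unsigned)safe, rc);
    }
    return 0;
}
```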
For more information on this vulnerability, visit the following Web sites:
http://www.kb.cert.org/vuls/id/945216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2001-0144
Foundry Systems Affected:
All Foundry systems with software releases prior to January 1, 2001 are affected. The vulnerability exposure that this SSH flaw creates is very difficult to exploit on Foundry switches and routers. Foundry’s OS technology does not allow users to change their privilege level once they are logged into the device. The threat that an individual can corrupt the hash mechanism to run other privileged commands is extremely low with Foundry devices, and this exposure is more likely to cause a denial of service effect.
Use the show version command to determine the software release you are running. Software dated prior to January 1, 2001 is vulnerable. Patches that fix this vulnerability are available, and customers should check with Foundry’s Technical Assistance Center (TAC) for the appropriate patch release.
