MidnightBSD

Advisories for fissh

CVE-2002-1357 HIGH

Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
cisco ios 12.2
putty putty 0.48
cisco ios 12.1t
cisco ios 12.0s
winscp winscp 2.0.0
putty putty 0.53
pragma_systems secureshell 2.0
putty putty 0.49
intersoft securenetterm 5.4.1
cisco ios 12.1ea
cisco ios 12.2s
netcomposite shellguard_ssh 3.4.6
cisco ios 12.2t
cisco ios 12.1e
fissh ssh_client 1.0a_for_windows
cisco ios 12.0st
CVE-2002-1358 HIGH

Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
cisco ios 12.2
putty putty 0.48
cisco ios 12.1t
cisco ios 12.0s
winscp winscp 2.0.0
putty putty 0.53
pragma_systems secureshell 2.0
putty putty 0.49
intersoft securenetterm 5.4.1
cisco ios 12.1ea
cisco ios 12.2s
netcomposite shellguard_ssh 3.4.6
cisco ios 12.2t
cisco ios 12.1e
fissh ssh_client 1.0a_for_windows
cisco ios 12.0st
CVE-2002-1359 HIGH

Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
cisco ios 12.2
putty putty 0.48
cisco ios 12.1t
cisco ios 12.0s
winscp winscp 2.0.0
putty putty 0.53
pragma_systems secureshell 2.0
putty putty 0.49
intersoft securenetterm 5.4.1
cisco ios 12.1ea
cisco ios 12.2s
netcomposite shellguard_ssh 3.4.6
cisco ios 12.2t
cisco ios 12.1e
fissh ssh_client 1.0a_for_windows
cisco ios 12.0st
CVE-2002-1360 HIGH

Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
cisco ios 12.2
putty putty 0.48
cisco ios 12.1t
cisco ios 12.0s
winscp winscp 2.0.0
putty putty 0.53
pragma_systems secureshell 2.0
putty putty 0.49
intersoft securenetterm 5.4.1
cisco ios 12.1ea
cisco ios 12.2s
netcomposite shellguard_ssh 3.4.6
cisco ios 12.2t
cisco ios 12.1e
fissh ssh_client 1.0a_for_windows
cisco ios 12.0st