Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netcomposite | shellguard_ssh | 3.4.6 |
| cisco | ios | 12.2 |
| cisco | ios | 12.0s |
| winscp | winscp | 2.0.0 |
| cisco | ios | 12.1ea |
| cisco | ios | 12.1e |
| cisco | ios | 12.2s |
| intersoft | securenetterm | 5.4.1 |
| putty | putty | 0.53 |
| cisco | ios | 12.2t |
| putty | putty | 0.49 |
| cisco | ios | 12.1t |
| cisco | ios | 12.0st |
| putty | putty | 0.48 |
| fissh | ssh_client | 1.0a_for_windows |
| pragma_systems | secureshell | 2.0 |
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netcomposite | shellguard_ssh | 3.4.6 |
| cisco | ios | 12.2 |
| cisco | ios | 12.0s |
| winscp | winscp | 2.0.0 |
| cisco | ios | 12.1ea |
| cisco | ios | 12.1e |
| cisco | ios | 12.2s |
| intersoft | securenetterm | 5.4.1 |
| putty | putty | 0.53 |
| cisco | ios | 12.2t |
| putty | putty | 0.49 |
| cisco | ios | 12.1t |
| cisco | ios | 12.0st |
| putty | putty | 0.48 |
| fissh | ssh_client | 1.0a_for_windows |
| pragma_systems | secureshell | 2.0 |
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netcomposite | shellguard_ssh | 3.4.6 |
| cisco | ios | 12.2 |
| cisco | ios | 12.0s |
| winscp | winscp | 2.0.0 |
| cisco | ios | 12.1ea |
| cisco | ios | 12.1e |
| cisco | ios | 12.2s |
| intersoft | securenetterm | 5.4.1 |
| putty | putty | 0.53 |
| cisco | ios | 12.2t |
| putty | putty | 0.49 |
| cisco | ios | 12.1t |
| cisco | ios | 12.0st |
| putty | putty | 0.48 |
| fissh | ssh_client | 1.0a_for_windows |
| pragma_systems | secureshell | 2.0 |
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netcomposite | shellguard_ssh | 3.4.6 |
| cisco | ios | 12.2 |
| cisco | ios | 12.0s |
| winscp | winscp | 2.0.0 |
| cisco | ios | 12.1ea |
| cisco | ios | 12.1e |
| cisco | ios | 12.2s |
| intersoft | securenetterm | 5.4.1 |
| putty | putty | 0.53 |
| cisco | ios | 12.2t |
| putty | putty | 0.49 |
| cisco | ios | 12.1t |
| cisco | ios | 12.0st |
| putty | putty | 0.48 |
| fissh | ssh_client | 1.0a_for_windows |
| pragma_systems | secureshell | 2.0 |
Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intersoft | netterm | 4.2.2 |