Contributed by jose on from the unbreakable? dept.
"Rapid7 has discovered a new class of vulnerabilities affecting SSH2 implementations from many vendors. These vulnerabilities affect a wide variety of SSH servers and SSH clients, including F-Secure, SSH Inc., PuTTY, etc. OpenSSH is not affected. Good to see that the careful design of OpenSSH can withstand the brutality of the shredder. CERT has released CA-2002-36 on the issue.
To test the security and robustness of a wide variety of SSH implementations, Rapid7 designed an SSH protocol test suite called SSHredder. The SSHredder test suite contains a large number of SSH2 protocol test cases and has been released under a BSD license. These test cases were systematically crafted to expose a wide range of vulnerabilities in SSH implementations. Rapid7's testing has revealed many defects ranging from simple buffer overflows to subtle string-handling errors."