SSH Vulnerabilities
Updated 5/23/02
Impact
This document will detail some vulnerabilities in the ssh cryptographic
login program. Outdated versions of ssh may allow a
malicious user to log in as another user, to insert arbitrary commands
into a session, or to gain remote root access to the ssh
server.
Note: While the stoplight on this page indicates the highest possible severity level
(and thus the most dire consequences if this vulnerability is indeed exploited), consult the bullet
next to the link to this tutorial to check your actual susceptibility to this vulnerability. If the bullet is
red, then we have detected a version of ssh that is susceptible to a vulnerability
which could allow unauthorized access.
Please read the rest of this document to learn about possible solutions. If the bullet
is brown, then we were unable to gather sufficient information to tell whether
or not ssh is vulnerable. Please read this document for further details.
Background
This section is only available with the purchase of
SAINTwriter,
SAINTexpressSM, or
WebSAINTSM.
The Problems and Resolutions
This section is only available with the purchase of
SAINTwriter,
SAINTexpressSM, or
WebSAINTSM.
Where can I read more about this?
This section is only available with the purchase of
SAINTwriter,
SAINTexpressSM, or
WebSAINTSM.