Researchers Warn of Serious SSH Flaws
The SSH (secure shell) protocol is a transport layer protocol that enables clients to connect securely to a remote server. Its often used for remote administration purposes.
Although the results of exploiting one of these vulnerabilities varies by vendor and vulnerability, attackers could, in some cases, run code on remote machines or launch denial-of-service attacks. Rapid 7 Inc., the New York-based security company that found the vulnerabilities, only tested SSHv2 implementations but said that some SSHv1 implementations may be vulnerable as well.
Most of the flaws involve memory access violations and all of them are found in the greeting and key-exchange phase of the SSH transmission. Among the vendors whose products are vulnerable are SSH Communications Security Inc., F-Secure Corp., InterSoft International Inc., and several others. However, both SSH Communications and F-Secure say that the vulnerabilities are not exploitable in their software.