Researchers Warn of Serious SSH Flaws | eWeek

Researchers Warn of Serious SSH Flaws

Écrit par
Dennis Fisher
Dennis Fisher
Dec 16, 2002
1 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Security researchers have discovered a set of vulnerabilities in several vendors implementations of the SSHv2 protocol that could give an attacker the ability to execute code on remote machines. The new flaws are especially dangerous in that they occur before authentication takes place.

The SSH (secure shell) protocol is a transport layer protocol that enables clients to connect securely to a remote server. Its often used for remote administration purposes.

Although the results of exploiting one of these vulnerabilities varies by vendor and vulnerability, attackers could, in some cases, run code on remote machines or launch denial-of-service attacks. Rapid 7 Inc., the New York-based security company that found the vulnerabilities, only tested SSHv2 implementations but said that some SSHv1 implementations may be vulnerable as well.

Most of the flaws involve memory access violations and all of them are found in the greeting and key-exchange phase of the SSH transmission. Among the vendors whose products are vulnerable are SSH Communications Security Inc., F-Secure Corp., InterSoft International Inc., and several others. However, both SSH Communications and F-Secure say that the vulnerabilities are not exploitable in their software.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.