Exploit Code Posted for SSH Flaws | eWeek

Exploit Code Posted for SSH Flaws

Written By
Dennis Fisher
Dennis Fisher
Dec 30, 2002
1 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Subscribers to the BugTraq security mailing list got a belated and unwanted Christmas present over the weekend when someone posted exploit code for a set of recently discovered flaws in the SSHv2 protocol.

The code is designed to exploit one of the vulnerabilities on the Putty SSH client.

Putty is a freeware SSH and Telnet client for Windows systems. The BugTraq message, which contained the usual disclaimer that the code was for “educational/testing purposes” only, was posted by the security research division of a Spanish organization called I-Proyectos.

The SSH (secure shell) protocol is a transport layer protocol that enables clients to connect securely to a remote server. Its often used for remote administration purposes.

The end result of an exploitation of one of the vulnerabilities varies by vendor and vulnerability, but in some cases could allow attackers to run code on remote machines.

Other effects include denial-of-service. Rapid 7 Inc., the New York-based security company that found the vulnerabilities, only tested SSHv2 implementations. Most of the flaws involve memory access violations, and all of them are found in the greeting and key-exchange phase of the SSH transmission.

Although the exploit code was written for the Putty client, crackers regularly take such files and modify them to attack other vulnerable implementations. Security researchers often write exploits to test their own systems for vulnerabilities and then release the code publicly as a proof-of-concept. This is typically done after a patch is made available, as was the case with the SSH vulnerabilities.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.