Hi Guys,
I need some assistance to fix a SSH vulnerability attached below.
Iam using Putty ver 0.60.0.0 upgraded from ver 0.59.0.0
Vulnerability Details
Multiple Vendors SSH Transport Layer Protocol Vulnerabilities 7.5 High
Description:
Multiple vendors' SSH transport layer protocol allows attackers to
execute arbitrary code or cause a denial-of-service condition.
Recommendation:
To fix these problems, upgrade to the latest version by contacting the
vendor of a specific application.
Observation:
SSH (Secure Shell) is a UNIX-based command interface and protocol for
securely accessing remote computers.
Numerous releases of SSH contain four serious vulnerabilities allowing
attackers to cause a denial-of-service condition, or to execute
arbitrary commands on the targeted host.
Multiple SSH2 servers and clients do not properly handle packets or data
elements caused by improper length specifiers, which may allow remote
attackers to cause a denial
of service or possibly execute arbitrary code.
Multiple SSH2 servers and clients do not properly handle lists with
empty elements or strings, which may allow remote attackers to cause a
denial of service or possibly execute
arbitrary code.
Multiple SSH2 servers and clients do not properly handle large packets
or large fields, which may allow remote attackers to cause a denial of
service or possibly execute
arbitrary code.
Multiple SSH2 servers and clients do not properly handle strings with
null characters in them when the string length is specified by a length
field, which could allow remote
attackers to cause a denial of service of possibly execute arbitrary
code.
CAN-2002-1357
CAN-2002-1358
CAN-2002-1359
CAN-2002-1360
Vulnerable Systems:
F-Secure Corp.(UNIX)
v3.1.0
F-Secure Corp.(Windows)
v5.2
SSH Communications Security, Inc. (Windows)
v3.2.2
SSH Communications Security, Inc. (UNIX)
v3.2.2
FiSSH SSH client (Windows)
v1.0A
InterSoft Int'l, Inc. SecureNetTerm client (Windows)
v5.4.1
NetComposite ShellGuard SSH client (Windows)
v3.4.6
Pragma Systems, Inc. SecureShell SSH server (Windows)
v2
PuTTY SSH client (Windows)
v0.53
WinSCP SCP client (Windows)
v2.0.0
HP Tru64 UNIX
SSH version 2.4.1
HP OpenVMS SSH
SSH version 2.4.1
Common Vulnerabilities
Thanking you in advance
Regards
Wilfred
________________________________________________________________________________________
Disclaimer and Confidentiality Note
This e-mail communication, its attachments, if any, and any rights attaching to
it are, unless the context clearly indicates otherwise, the property of Siemens
Limited. It is confidential, private and intended for the addressee only. If
you are not the intended recipient and receive this communication in error, you
are hereby notified that any review, copying, use, discloser or distribution in
any manner whatsoever is strictly prohibited. Please notify the sender
immediately that you have received this e-mail in error and delete the e-mail
and any copies of it. Views and opinions expressed in this e-mail are those of
the sender unless clearly stated as those of Siemens Limited. Siemens Limited
accepts no liability for any loss or damage whatsoever, and howsoever incurred
or suffered resulting or arising from the use of this e-mail communication
and/or its attachments.
Siemens Limited does not warrant the integrity of this e-mail communication nor
that it is free of errors, viruses, interception or interference.
Siemens Limited, its divisions and subsidiary companies (Siemens) expressly
excludes sections 11, 12, and 13 of the Electronic Communications and
Transactions Act, 25 of 2002 (the ECT) in respect of e-contracting. No data
message or electronic communication will be recognised as having a legal
contractual status under the ECT Act. All agreements concluded by Siemens will
only be legally binding when reduced to physical writing and physically signed
by a duly authorised representative of Siemens.
For more information about Siemens Limited, visit our website at www.siemens.com
Siemens Limited
Company Registration Number: 1923/007514/06
Registered Address: 300 Janadel Avenue, Halfway House 1685
VAT Registration Number: 4790104428
Chairman: Dr S Russwurm*
Chief Executive Officer: SJ Clarkson; Chief Financial Officer: AD Hall
Executive Director: AM Mathole
Non-Executive Directors: D Hoke*; Dr MI Surve; K Setzin
Alternate Directors: R Guntermann*; I Amod; Y Mahomed
Company Secretary: V Reddy
*German
---
To unsubscribe from enterasys, send email to [email protected] with the body:
unsubscribe enterasys [email protected]
