Vulnerability CVE-1999-1085


Published: 1998-06-12   Modified: 2012-02-12

Description:
SSH 1.2.25, 1.2.23, and other versions, when used in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allow remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack."

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software
SSH -> Secure shell 

 References:
http://marc.info/?l=bugtraq&m=90221103125884&w=2
http://marc.info/?l=bugtraq&m=90221104525878&w=2
http://www.iss.net/security_center/static/1126.php
http://www.kb.cert.org/vuls/id/13877

Copyright 2024, cxsecurity.com
