Hi,
Various openssh 6.2p1 users including our administrators
stumbled over this nice bug in the "nanossh server" during pre authentication
phase within nanossh ( https://www.mocana.com/for-device-manufacturers/nanossh/ )
Bug at openssh bugzilla:
https://bugzilla.mindrot.org/show_bug.cgi?id=2116
http://www.gossamer-threads.com/lists/openssh/bugs/55880
Basically if the HMAC list is unexpected long (>1) the remote nanossh
daemon will crash. Unclear if code execution, but well, I would not bet against it.
Also unclear if more than the listed Nortel switches are affected, or all
nanossh deployers, but probably yes.
Ciao, Marcus