Vulnerability Name:

CVE-2002-1360 (CCN-10871)

Assigned:2002-12-16
Published:2002-12-16
Updated:2017-10-11
Summary:Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Access
References:Source: VULNWATCH
Type: Vendor Advisory
20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors

Source: MITRE
Type: CNA
CVE-2002-1360

Source: CCN
Type: SECTRACK ID: 1005812
F-Secure SSH Client and Server SSH2 Implementation Bugs Allow Only Limited Remote Denial of Service Issues

Source: SECTRACK
Type: UNKNOWN
1005812

Source: CCN
Type: SECTRACK ID: 1005813
SSH Communications SSH Client and Server SSH2 Implementation Bugs Allow Only Limited Denial of Service

Source: SECTRACK
Type: UNKNOWN
1005813

Source: CCN
Type: CERT Advisory CA-2002-36
Multiple Vulnerabilities in SSH Implementations

Source: CERT
Type: Third Party Advisory, US Government Resource
CA-2002-36

Source: CCN
Type: PuTTY Web site
PuTTY Download Page

Source: CCN
Type: CIAC Information Bulletin N-028
Vulnerabilities in SSH2 Implementations from Multiple Vendors

Source: CCN
Type: Cisco Systems Inc. Security Advisory, 2002 December 19th 23:00 GMT
SSH Malformed Packet Vulnerabilities

Source: CCN
Type: OSVDB ID: 8045
SSH2 Server/Client Null Character String Arbitrary Command Execution

Source: CCN
Type: Pragma Systems Web site
Pragma SecureShell Updates

Source: CCN
Type: Rapid 7, Inc. Security Advisory R7-0009
Vulnerabilities in SSH2 Implementations from Multiple Vendors

Source: CCN
Type: SecureNetTerm Web site
Downloads - InterSoft International, Inc.

Source: CCN
Type: BID-6397
Multiple Vendor SSH2 Implementation Vulnerabilities

Source: CCN
Type: BID-6410
Multiple Vendor SSH2 Implementation Null Character Handling Vulnerabilities

Source: XF
Type: UNKNOWN
ssh-transport-null-string-bo(10871)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5797

Vulnerable Configuration:Configuration 1:
  • cpe:/o:cisco:ios:12.0s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.0st:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.1e:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.1ea:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.1t:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2s:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2t:*:*:*:*:*:*:*
  • AND
  • cpe:/a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*
  • OR cpe:/a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:putty:putty:0.48:*:*:*:*:*:*:*
  • OR cpe:/a:putty:putty:0.49:*:*:*:*:*:*:*
  • OR cpe:/a:putty:putty:0.53:*:*:*:*:*:*:*
  • OR cpe:/a:winscp:winscp:2.0.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*
  • OR cpe:/a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:winscp:winscp:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:putty:putty:0.48:*:*:*:*:*:*:*
  • OR cpe:/a:putty:putty:0.49:*:*:*:*:*:*:*
  • OR cpe:/a:putty:putty:0.53:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5797
    V
    		Multiple Vendors SSH2 "null characters in strings" Vulnerability
    2008-09-08
    BACK
    cisco ios 12.0s
    cisco ios 12.0st
    cisco ios 12.1e
    cisco ios 12.1ea
    cisco ios 12.1t
    cisco ios 12.2
    cisco ios 12.2s
    cisco ios 12.2t
    fissh ssh client 1.0a_for_windows
    intersoft securenetterm 5.4.1
    netcomposite shellguard ssh 3.4.6
    pragma_systems secureshell 2.0
    putty putty 0.48
    putty putty 0.49
    putty putty 0.53
    winscp winscp 2.0.0
    fissh ssh client 1.0a_for_windows
    intersoft securenetterm 5.4.1
    netcomposite shellguard ssh 3.4.6
    pragma_systems secureshell 2.0
    winscp winscp 2.0.0
    putty putty 0.48
    putty putty 0.49
    putty putty 0.53