 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-1999-1085 |
| Description: | SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack." |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.10268 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-1999-1085 Bugtraq: 19980612 CORE-SDI-04: SSH insertion attack (Google Search) http://marc.info/?l=bugtraq&m=90221103125884&w=2 Bugtraq: 19980703 UPDATE: SSH insertion attack (Google Search) http://marc.info/?l=bugtraq&m=90221104525878&w=2 CERT/CC vulnerability note: VU#13877 http://www.kb.cert.org/vuls/id/13877 Cisco Security Advisory: 20010627 Multiple SSH Vulnerabilities XForce ISS Database: ssh-insert(1126) http://www.iss.net/security_center/static/1126.php |