Vulnerabilities have been found in multiple SSH implementations that could allow an attacker to execute code or create a denial of service on servers and clients, according to an advisory from CERT, a security alert service.
SSH is a shell protocol widely used by system administrators to access servers while keeping all transmissions, including passwords, encrypted.
The vulnerabilities were located by security software company Rapid7 using an SSH test suite named "SSHhredder", according to CERT. These include buffer overflows and occur before a user is required to authenticate, meaning that they are accessible to any attacker.
The attacks would execute at the security level at which the SSH process is running, which is normally a highly privileged level -- System on Windows, and root on Unix systems.
Rapid7 said that several vendors' SSH implementations were vulnerable, including those of SSH Communications Security, F-Secure, Pragma Systems, PuTTY, FiSSH, ShellGuard, and WinSCP. However, SSH and F-Secure, as well as Cisco Systems, Cray, Fujitsu, IBM, Netscreen Technologies, OpenSSH, VanDyke Software and LSH all said that their own testing showed that their software was not vulnerable.
Only Pragma Systems and PuTTY confirmed that some software was affected. PuTTY said that version 0.53b of its software addressed the issue. Pragma said that versions 2.0 and 3.0 of Pragma SecureShell were affected, and that it had corrected the issue in version 3.0. The company is offering its customers an upgrade to the fixed version.
The most widely used implementation, OpenSSH, is not vulnerable.
CERT's original advisory is available on the organisation's Web site.