Project

General

Profile

Actions
Copy link

Security #1278

closed
VJ VJ

ssh banner parsing issue

Security #1278: ssh banner parsing issue

Added by Victor Julien over 11 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
High
Assignee:
Victor Julien
Target version:
2.0.4
Affected Versions:
Label:
CVE:
2014-6603
Git IDs:

8ec28dea16080c77828412d6de01018dabc7b7c3

Severity:
Disclosure Date:

Description

Reported privately.

VJ Updated by Victor Julien over 11 years ago Actions
Copy link
 #1

  • Subject changed from ssh issue to ssh banner parsing issue
  • Priority changed from Normal to High
    app-layer-ssh: fix banner parser

    Carefully crafted SSH banner could result in parser error.

    CVE 2014-6603

    Signed-off-by: Eric Leblond <eric@regit.org>

Reported by Steffen Bauch

VJ Updated by Victor Julien over 11 years ago Actions
Copy link
 #2

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

VJ Updated by Victor Julien over 11 years ago Actions
Copy link
 #3

A work around is to simply disable the ssh app layer module:

app-layer:
  protocols:
    tls:
      enabled: yes
      detection-ports:
        dp: 443

      #no-reassemble: yes
    dcerpc:
      enabled: yes
    ftp:
      enabled: yes
    ssh:
      enabled: no

Alternatively, it can be set to 'detection-only'.

VJ Updated by Victor Julien over 5 years ago Actions
Copy link
 #5

  • Tracker changed from Bug to Security
  • CVE set to 2014-6603
  • Git IDs updated (diff)
Actions
Copy link

Also available in: PDF Atom