News

It was brought to SSH Communications Security's knowledge that the exploits based on the Bleichenbacher's attack can be used against SSH Secure Shell 1.2.32. Even though this is not a real life vulnerability, it was addressed.

The issue is fixed in the new release Secure Shell 1.2.33, which is now available through ftp://ftp.ssh.com/pub/ssh/ssh-1.2.33.tar.gz.

Even fixing this exploit does not protect against numerous other publicly known vulnerabilities in SSH1 protocol. Due to these problems, the SSH1 protocol was deprecated already in early 2001. Since there are still systems that have not been upgraded to SSH2, this fix was released.

SSH Communications Security highly recommends all users of SSH1 to upgrade to versions using SSH2 protocol and remove all versions of products using SSH1 protocol.

SSH Secure Shell products can be achieved through our online store http://commerce.ssh.com or through our distribution channels www.ssh.com/sales/enduser/.

According to F-Secure these errors do not exist in
F-Secure SSH 1.3.11-2.

Thanks to Mike Scher of Neohapsis for reporting this problem.

© 2002 SSH Communications Security Corp. All rights reserved. ssh® is a registered trademark of SSH Communications Security Corp in the United States and in certain other jurisdictions. All other names and marks are property of their respective owners.