News

A vulnerability has been detected in the way SSH Sentinel handles the decoding of BER/DER encoded packets. BER/DER encoding is applied in digital certificates, which are used for authenticating a user in IKE negotiations. Certificates are also commonly used for authenticating SSL/TLS connections.

Using malformed BER/DER packets, the receiving host can potentially crash making a Denial-of-Service (DoS) attack possible.

SSH strongly recommends that you upgrade to the latest 1.4.1 (build 98) version which is available from the Updates and Packages at Donwload Section:

SSH Sentinel 1.4

SSH Communications Security is committed to utmost security

SSH Communications Security apologizes for any inconvenience caused. We take security of the systems of our customers very seriously and do our utmost to provide secure software. We strongly urge all customers to consider the implications of this vulnerability and to make an educated decision on whether or not to update/upgrade.

© 2003 SSH Communications Security Corp. All rights reserved. ssh® is a registered trademark of SSH Communications Security Corp in the United States and in certain other jurisdictions. All other names and marks are property of their respective owners.