
CERT Coordination Center

Icon Labs SSH server vulnerabilities

Vulnerability Note VU#626979

Original Release Date: 2008-06-09 | Last Revised: 2009-04-23

Overview

The Icon Labs Iconfidant SSH server contains multiple vulnerabilities. The most severe of these issues may allow an attacker to cause a vulnerable system to crash.

Description

Iconfidant SSH is a Secure Shell (SSH) server that runs on VxWorks-based systems. Versions of the Iconfidant server prior to 2.3.8 contain multiple denial-of-service vulnerabilities.

Impact

A remote, unauthenticated attacker may be able to cause a vulnerable system to crash or become unable to accept remote SSH connections.

Solution

Upgrade

Icon Labs has released Iconfidant SSH server 2.3.8 to address these issues.


Restrict access

Restricting access to the Iconfidant SSH server by using access control lists or firewall rules may prevent an attacker from exploiting these vulnerabilities.

Vendor Information


Cisco Systems, Inc. Affected

Notified:  February 01, 2008 Updated: June 12, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See http://www.cisco.com/warp/public/707/cisco-sa-20080521-sce.shtml for more information.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Icon Labs Affected

Notified:  February 18, 2008 Updated: June 09, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

See http://www.icon-labs.com/news/read.asp?newsID=77 for more information.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ericsson Not Affected

Notified:  June 09, 2008 Updated: June 12, 2008

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Extreme Networks Not Affected

Notified:  June 09, 2008 Updated: April 23, 2009

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We don't use iConfidant SSH server in any of our software products.

So, Extreme switches are not vulnerable to the vulnerability mentioned in VU#626979 (which also includes the issues tracked under VU#994027 and VU#827355).

Foundry Networks, Inc. Not Affected

Notified:  June 09, 2008 Updated: July 10, 2008

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Security Systems, Inc. Not Affected

Notified:  June 09, 2008 Updated: June 10, 2008

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

McAfee Not Affected

Notified:  June 09, 2008 Updated: June 11, 2008

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Stonesoft Not Affected

Notified:  June 09, 2008 Updated: June 23, 2008

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TippingPoint, Technologies, Inc. Not Affected

Notified:  June 09, 2008 Updated: July 10, 2008

Status

Not Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

3com, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AT&T Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alcatel Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avaya, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Borderware Technologies Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bro Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Charlotte's Web Networks Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Check Point Software Technologies Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Clavister Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Conectiva Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cray Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Data Connection, Ltd. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

EMC Corporation Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Engarde Secure Linux Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Enterasys Networks Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F5 Networks, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Force10 Networks, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fujitsu Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Global Technology Associates Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hewlett-Packard Company Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hitachi Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hyperchip Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IP Filter Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ingrian Networks, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel Corporation Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intoto Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Linksys (A division of Cisco Systems) Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lucent Technologies Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Luminous Networks Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MontaVista Software, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Multinet (owned Process Software Corporation) Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Multitech, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NEC Corporation Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Network Appliance, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NextHop Technologies, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nortel Networks, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QNX, Software Systems, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Riverstone Networks, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sony Corporation Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Symantec, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Watchguard Technologies, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wind River Systems, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ZyXEL Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eSoft, Inc. Unknown

Notified:  June 09, 2008 Updated: June 09, 2008

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.



CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Icon Labs for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: None
Severity Metric: 5.63
Date Public: 2008-05-21
Date First Published: 2008-06-09
Date Last Updated: 2009-04-23 11:10 UTC
Document Revision: 13

Sponsored by CISA.