Reported February 8, 2001, by BindView RAZOR Team.

  • SSH 1.2.x Server
  • SSH 1.2.x Client
  • FSecure SSH 1.3.x Server
  • FSecure SSH 1.3.x Client
  • OSSH daemons
  • OpenSSH 2.3.0


Implementations of SSH that include the deattack.c code, which Core SDI developed to prevent cryptography attacks, are vulnerable to an integer overflow. Insufficient range control calculations in the detect_attack() function lead to a table index overflow that can result in arbitrary commands running on the vulnerable host.


The various vendors involved have been contacted and have released patches to address the problem. Check your SSH vendor's Web site to determine whether your version of SSH is vulnerable.


The original RAZOR advisory is available at:


Core SDI also released an advisory available at:

Discovered by
BindView RAZOR Team.