CVE-1999-1085

Name of the Vulnerable Software and Affected Versions SSH versions 1.2.23 through 1.2.25

Description The issue allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, specifically when SSH is used in CBC or CFB modes.

Recommendations For SSH version 1.2.23, consider disabling the use of CBC and CFB modes until a patch is available. For SSH version 1.2.25, avoid using CBC and CFB modes in production environments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.