NanoSSH on Avaya Ethernet Routing switch (ERS) 5698 and 5698-PoE suffers from a remote denial of service vulnerability.
4ec9685eea0f9205acd2516ddd10ca2ebd352f49eb06fdac3f8ea83053652e25
Hi,
Various openssh 6.2p1 users including our administrators
stumbled over this nice bug in the "nanossh server" during pre authentication
phase within nanossh ( https://www.mocana.com/for-device-manufacturers/nanossh/ )
Bug at openssh bugzilla:
https://bugzilla.mindrot.org/show_bug.cgi?id=2116
http://www.gossamer-threads.com/lists/openssh/bugs/55880
Basically if the HMAC list is unexpected long (>1) the remote nanossh
daemon will crash. Unclear if code execution, but well, I would not bet against it.
Also unclear if more than the listed Nortel switches are affected, or all
nanossh deployers, but probably yes.
Ciao, Marcus