Cisco IOS XR Software SSH Denial of Service Vulnerability

http://www.cisco.com/warp/public/707/cisco-sa-20100120-xr-ssh.shtml

"The SSH server implementation in Cisco IOS XR Software contains a
vulnerability that an unauthenticated, remote user could exploit to
cause a denial of service condition."

"Products Confirmed Not Vulnerable

SSH server implementations in Cisco IOS Software and Cisco IOS XE
Software are not affected by this vulnerability."

"Successful exploitation of the vulnerability described in this advisory
could result in a crash of the SSH connection handler process. Repeated
exploitation may impact other system functionality, depending upon the
size of the available memory and the duration of attack."

Cisco has released updates for this. It is recommended that network
devices be updated.

Although IAS does not run IOS XR, it might be used by routers on the
Internet. This alert is to make people aware of possible Internet
outages as switches are patched.

Thanks,
ep