This document will summarize vulnerabilities in the ssh cryptographic login program. These vulnerabilites enables a malicious user to access a remote host without proper authorization. Numerous flaws have been uncovered in the implementation of the SSH protocol.
In addition, many SSH version 2 implementations that are configured for verion 1 fallback are vulnerable to the CRC32 exploit.
Resolutions
Vendors recommend upgrading to SSH version 2 protocol products. Most of these exploits do not exist in the newer version 2. However, be sure that the version 2 implmentation does not support version 1 fallback or confirm that it has been patched for fallback.