Helsinki, Finland - September 30, 2003

SSH Sentinel Security Vulnerability in BER Decoding

   A vulnerability has been detected in the way SSH Sentinel handles the decoding of BER/DER
   encoded packets. BER/DER encoding is applied in digital certificates, which are used for
   authenticating a user in IKE negotiations. Certificates are also commonly used for
   authenticating SSL/TLS connections.
   Using malformed BER/DER packets, the receiving host can potentially crash making a
   Denial-of-Service (DoS) attack possible.
   SSH strongly recommends that you upgrade to the latest 1.4.1 (build 98) version which is
   available from the Updates and Packages at Donwload Section:
   SSH Sentinel 1.4

SSH Communications Security is committed to utmost security

   SSH Communications Security apologizes for any inconvenience caused. We take security of the
   systems of our customers very seriously and do our utmost to provide secure software. We
   strongly urge all customers to consider the implications of this vulnerability and to make an
   educated decision on whether or not to update/upgrade.