CVE-2001-0144

OpenSSH - Remote Code Execution via CRC-32 Compensation Attack

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-0144. PoCs published by Teso, Michal Zalewski.

AI-analyzed exploit summary The provided entry is a placeholder link to a tarball (349.tgz) with no actual exploit code or details. It references milw0rm.com but lacks technical content.

Description

CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.

Exploits (2)

exploitdb STUB VERIFIED

by Teso · textremotemultiple

https://www.exploit-db.com/exploits/349

View Code ZIP pw:eip

The provided entry is a placeholder link to a tarball (349.tgz) with no actual exploit code or details. It references milw0rm.com but lacks technical content.

Classification

Stub 30%

Attack Type

Other

Complexity

Unknown

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Michal Zalewski · cremoteunix

https://www.exploit-db.com/exploits/20617

View Code ZIP pw:eip

This exploit targets an integer overflow vulnerability in SSH's CRC32 compensation attack detection code, allowing arbitrary memory writes and potential remote code execution. The provided patch includes shellcode for a TCP/36864 portshell, demonstrating the exploit's capability to execute arbitrary commands with root privileges.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Complex

Reliability

Theoretical

Target: SSH (versions vulnerable to CVE-2001-0144)

No auth needed

Prerequisites: Vulnerable SSH server or client · Ability to send large SSH packets

MITRE ATT&CK