This vulnerability is caused by an integer overflow in the detect_attack() function of deattack.c that enables an attacker to overwrite arbitrary parts of memory. Because the daemon runs with uid 0, the altered memory may change code the daemon executes, and executing that code can give root access to the system.
Vulnerable versions include non-commercial Secure Shell versions 1.2.24 through 1.2.31. To fix, SSH recommends upgrading to SSH Secure Shell 3.0.1, available through http://commerce.ssh.com/. (Non-commercial users may alternatively upgrade to Secure Shell 1.2.32, available through ftp://ftp.ssh.com/.)
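The following is an added illustration of the bug class, not the actual deattack.c source: a table size derived from a packet length is stored in a 16-bit variable, so a large length silently wraps to a small value, and an index mask computed from that wrapped size then addresses memory outside the table. The hardened variant keeps the size in a 32-bit variable, caps it at an assumed ceiling (MAX_TABLE_ENTRIES), and refuses lengths that would exceed it. The block size, the growth rule and the ceiling are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define BLOCKSIZE 8                  /* assumed cipher block size */
#define MAX_TABLE_ENTRIES (1u << 20) /* assumed hard ceiling on table slots */

/* Vulnerable pattern: the computed table size is returned through a
 * 16-bit type. For len = 8 * 65536 the wanted size is 131072, which
 * truncates to 0. Unsigned arithmetic wraps silently; nothing warns. */
uint16_t table_size_unchecked(uint32_t len)
{
    uint32_t blocks = len / BLOCKSIZE;
    uint32_t want = 16;                  /* minimum table size */
    while (want < 2 * blocks)            /* grow to 2x the block count */
        want <<= 1;
    return (uint16_t)want;               /* silent truncation to 16 bits */
}

/* With a truncated size of 0, size - 1 becomes 0xFFFF, so the mask no
 * longer confines the slot to the allocated table: any hash value maps
 * to a slot at or beyond the table end. */
uint32_t slot_unchecked(uint16_t size, uint32_t hash)
{
    uint16_t mask = (uint16_t)(size - 1);
    return hash & mask;
}

/* Hardened pattern: 32-bit size, explicit ceiling, and a refusal path.
 * Returns 1 and writes *out on success, 0 if the length is rejected. */
int table_size_checked(uint32_t len, uint32_t *out)
{
    uint32_t blocks = len / BLOCKSIZE;
    if (blocks > MAX_TABLE_ENTRIES / 2)  /* 2 * blocks would exceed the cap */
        return 0;
    uint32_t want = 16;
    while (want < 2 * blocks)            /* bounded by the cap, cannot wrap */
        want <<= 1;
    *out = want;
    return 1;
}

/* Bounds check a caller should apply before touching table[slot]. */
int slot_in_bounds(uint32_t size, uint32_t slot)
{
    return slot < size;
}

int main(void)
{
    uint32_t len = 8u * 65536u;          /* constructed oversized packet length */
    uint16_t bad = table_size_unchecked(len);
    uint32_t good = 0;
    int ok = table_size_checked(len, &good);

    printf("unchecked size: %u (wrapped)\n", (unsigned)bad);
    printf("unchecked slot for hash 0x1234: %u, in bounds: %d\n",
           (unsigned)slot_unchecked(bad, 0x1234u),
           slot_in_bounds(bad, slot_unchecked(bad, 0x1234u)));
    printf("checked: accepted=%d size=%u\n", ok, (unsigned)good);

    ok = table_size_checked(8u * (1u << 20), &good);
    printf("checked oversized: accepted=%d\n", ok);
    return 0;
}
```

The defensive point is that the size and the index mask must be computed in a type wide enough for the largest length the protocol allows, and that the code must reject lengths that exceed an explicit ceiling rather than trusting arithmetic to stay in range.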