CERT/CC has issued an advisory (CA-2002-36) that Secure shell (SSH) protocol implementations in SSH clients and servers from multiple vendors are susceptible to various vulnerabilities, including buffer overflows.
The CERT advisory confirms that the SSH products Yui Kee sells, from SSH Communications Security and F-Secure, cannot be exploited using the vulnerabilities.
Rapid7 found the vulnerabilities by developing a suite (called SSHredder) to test the SSH transport layer.