Multiple OpenSSH security vulnerabilities updated since 28.09.2006
Published:		03.10.2008
Source:		OPENSSH
SecurityVulns ID:		6657
Type:		remote
Level:		6/10
Description:		Multiple different DoS conditions.

Affected:		OPENSSH : OpenSSH 4.3
		OPENSSH : OpenSSH 4.6
CVE:		CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.)
		CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.)

Original document		UBUNTU, [USN-649-1] OpenSSH vulnerabilities (03.10.2008)
		DEBIAN, [SECURITY] [DSA 1638-1] New openssh packages fix denial of service (20.09.2008)
		OPENSSH, OpenSSH 4.4 is available (28.09.2006)

Files:		OpenSSH CRC compensation attack detection DoS PoC
Discuss:		Read or add your comments to this news (0 comments)