Computer Security
[EN] securityvulns.ru no-pyccku


Multiple OpenSSH security vulnerabilities
updated since 28.09.2006
Published:03.10.2008
Source:
SecurityVulns ID:6657
Type:remote
Threat Level:
6/10
Description:Multiple different DoS conditions.
Affected:OPENSSH : OpenSSH 4.3
 OPENSSH : OpenSSH 4.6
CVE:CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.)
 CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.)
Original documentdocumentUBUNTU, [USN-649-1] OpenSSH vulnerabilities (03.10.2008)
 documentDEBIAN, [SECURITY] [DSA 1638-1] New openssh packages fix denial of service (20.09.2008)
 documentOPENSSH, OpenSSH 4.4 is available (28.09.2006)
Files:OpenSSH CRC compensation attack detection DoS PoC

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod