CVE-2006-0883 - Resource Management Errors vulnerability in multiple products
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 8 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Denial of Service |
NASL id | OPENSSH_381P1.NASL |
description | According to its banner, the version of OpenSSH running on the remote host is affected by a remote denial of service vulnerability. When used with OpenPAM, OpenSSH does not properly handle when a forked child process ends during PAM authentication. This could allow a remote attacker to cause a denial of service by connecting several times to the SSH server, waiting for the password prompt and then disconnecting. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 44073 |
published | 2011-10-04 |
reporter | This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/44073 |
title | OpenSSH With OpenPAM DoS |
Statements
contributor | Mark J Cox |
lastmodified | 2006-08-30 |
organization | Red Hat |
statement | This issue did not affect the versions of OpenSSH as distributed with Red Hat Enterprise Linux 2.1, 3, or 4. |
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc
- http://bugzilla.mindrot.org/show_bug.cgi?id=839
- http://securityreason.com/securityalert/520
- http://securitytracker.com/id?1015706
- http://www.osvdb.org/23797
- http://www.securityfocus.com/bid/16892
- http://www.vupen.com/english/advisories/2006/0805
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25116