CVE-2006-4924 - Resource Management Errors vulnerability in OpenBSD OpenSSH
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | COMPLETE |
Summary
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
Exploit-Db
description | OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit. CVE-2006-4924. DoS exploits for multiple platforms |
id | EDB-ID:2444 |
last seen | 2016-01-31 |
modified | 2006-09-27 |
published | 2006-09-27 |
reporter | Tavis Ormandy |
source | https://www.exploit-db.com/download/2444/ |
title | OpenSSH <= 4.3 p1 Duplicated Block Remote Denial of Service Exploit |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200609-17.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200609-17 (OpenSSH: Denial of Service) Tavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector. Impact : A remote unauthenticated attacker may be able to trigger excessive CPU usage by sending a pathological SSH message, denying service to other legitimate users or processes. Workaround : The system administrator may disable SSH protocol version 1 in /etc/ssh/sshd_config. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22464 |
published | 2006-09-28 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22464 |
title | GLSA-200609-17 : OpenSSH: Denial of Service |
code |

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200609-17.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(22464);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:43");

  script_cve_id("CVE-2006-4924");
  script_bugtraq_id(20216);
  script_xref(name:"GLSA", value:"200609-17");

  script_name(english:"GLSA-200609-17 : OpenSSH: Denial of Service");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value: "The remote host is affected by the vulnerability described in GLSA-200609-17 (OpenSSH: Denial of Service) Tavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector. Impact : A remote unauthenticated attacker may be able to trigger excessive CPU usage by sending a pathological SSH message, denying service to other legitimate users or processes. Workaround : The system administrator may disable SSH protocol version 1 in /etc/ssh/sshd_config."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200609-17"
  );
  script_set_attribute(
    attribute:"solution",
    value: "All OpenSSH users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/openssh-4.3_p2-r5'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openssh");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/28");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"net-misc/openssh", unaffected:make_list("ge 4.3_p2-r5"), vulnerable:make_list("lt 4.3_p2-r5"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenSSH");
}
```

NASL family | Misc. |
NASL id | OPENSSH_44.NASL |
description | According to its banner, the version of OpenSSH installed on the remote host is affected by multiple vulnerabilities : - A race condition exists that may allow an unauthenticated, remote attacker to crash the service or, on portable OpenSSH, possibly execute code on the affected host. Note that successful exploitation requires that GSSAPI authentication be enabled. - A flaw exists that may allow an attacker to determine the validity of usernames on some platforms. Note that this issue requires that GSSAPI authentication be enabled. - When SSH version 1 is used, an issue can be triggered via an SSH packet that contains duplicate blocks that could result in a loss of availability for the service. - On Fedora Core 6 (and possibly other systems), an unspecified vulnerability in the linux_audit_record_event() function allows remote attackers to inject incorrect information into audit logs. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22466 |
published | 2006-09-28 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22466 |
title | OpenSSH < 4.4 Multiple Vulnerabilities |
code |

```nasl
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(22466);
  script_version("1.30");
  script_cvs_date("Date: 2018/07/16 14:09:13");

  script_cve_id("CVE-2006-4924", "CVE-2006-4925", "CVE-2006-5051", "CVE-2006-5052", "CVE-2006-5229", "CVE-2007-3102", "CVE-2008-4109");
  script_bugtraq_id(20216, 20241, 20245);

  script_name(english:"OpenSSH < 4.4 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of OpenSSH");

  script_set_attribute(attribute:"synopsis", value: "The remote SSH server is affected by multiple vulnerabilities."
  );
  script_set_attribute(attribute:"description", value: "According to its banner, the version of OpenSSH installed on the remote host is affected by multiple vulnerabilities : - A race condition exists that may allow an unauthenticated, remote attacker to crash the service or, on portable OpenSSH, possibly execute code on the affected host. Note that successful exploitation requires that GSSAPI authentication be enabled. - A flaw exists that may allow an attacker to determine the validity of usernames on some platforms. Note that this issue requires that GSSAPI authentication be enabled. - When SSH version 1 is used, an issue can be triggered via an SSH packet that contains duplicate blocks that could result in a loss of availability for the service. - On Fedora Core 6 (and possibly other systems), an unspecified vulnerability in the linux_audit_record_event() function allows remote attackers to inject incorrect information into audit logs.");
  script_set_attribute(attribute:"see_also", value:"http://www.openssh.com/txt/release-4.4" );
  script_set_attribute(attribute:"solution", value: "Upgrade to OpenSSH 4.4 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(264, 362, 399);

  script_set_attribute(attribute:"plugin_publication_date", value: "2006/09/28");
  script_set_attribute(attribute:"vuln_publication_date", value: "2006/09/28");
  script_set_attribute(attribute:"plugin_type", value: "remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openbsd:openssh");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_detect.nasl");
  script_require_ports("Services/ssh", 22);

  exit(0);
}

include("backport.inc");
include("global_settings.inc");
include("misc_func.inc");

# Ensure the port is open.
port = get_service(svc:"ssh", exit_on_fail:TRUE);

# Get banner for service.
banner = get_kb_item_or_exit("SSH/banner/"+port);

bp_banner = tolower(get_backport_banner(banner:banner));
if ("openssh" >!< bp_banner) exit(0, "The SSH service on port "+port+" is not OpenSSH.");
if (backported) exit(1, "The banner from the OpenSSH server on port "+port+" indicates patches may have been backported.");

if (!get_kb_item("Settings/PCI_DSS"))
{
  auth = get_kb_item_or_exit("SSH/supportedauth/" + port);
  if ("gssapi" >!< auth) exit(0, "The SSH service on port "+port+" doesn't support GSSAPI.");
}

if (bp_banner =~ "openssh[-_]([0-3]\.|4\.[0-3]([^0-9]|$))")
  security_hole(port);
```

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_123324-03.NASL |
description | SunOS 5.10: sshd patch. Date this patch was last updated by Sun : Jun/20/07 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107389 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107389 |
title | Solaris 10 (sparc) : 123324-03 |
code |

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#

include("compat.inc");

if (description)
{
  script_id(107389);
  script_version("1.8");
  script_cvs_date("Date: 2019/10/25 13:36:23");

  script_cve_id("CVE-2006-0225", "CVE-2006-4924");

  script_name(english:"Solaris 10 (sparc) : 123324-03");
  script_summary(english:"Check for patch 123324-03");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is missing Sun Security Patch number 123324-03"
  );
  script_set_attribute(
    attribute:"description",
    value: "SunOS 5.10: sshd patch. Date this patch was last updated by Sun : Jun/20/07"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://download.oracle.com/sunalerts/1000947.1.html"
  );
  script_set_attribute(attribute:"solution", value:"Install patch 123324-03");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:123324");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:124442");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:125430");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/06/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"123324-03", obsoleted_by:"120011-14 ", package:"SUNWcslr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"123324-03", obsoleted_by:"120011-14 ", package:"SUNWhea", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"123324-03", obsoleted_by:"120011-14 ", package:"SUNWsshcu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"123324-03", obsoleted_by:"120011-14 ", package:"SUNWsshdu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"123324-03", obsoleted_by:"120011-14 ", package:"SUNWsshu", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : solaris_get_report()
  );
}
else
{
  patch_fix = solaris_patch_fix_get();
  if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
  tested = solaris_pkg_tests_get();
  if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWcslr / SUNWhea / SUNWsshcu / SUNWsshdu / SUNWsshu");
}
```

NASL family | SuSE Local Security Checks |
NASL id | SUSE_OPENSSH-2183.NASL |
description | Several security problems were fixed in OpenSSH : - CVE-2006-4924: A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server. - CVE-2006-4925: If a remote attacker is able to inject network traffic this could be used to cause a client connection to close. - CVE-2006-5051: Fixed an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote. - CVE-2006-5052: Fixed a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27365 |
published | 2007-10-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27365 |
title | openSUSE 10 Security Update : openssh (openssh-2183) |
code |

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openssh-2183.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(27365);
  script_version ("1.15");
  script_cvs_date("Date: 2019/10/25 13:36:28");

  script_cve_id("CVE-2006-4924", "CVE-2006-4925", "CVE-2006-5051", "CVE-2006-5052");

  script_name(english:"openSUSE 10 Security Update : openssh (openssh-2183)");
  script_summary(english:"Check for the openssh-2183 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Several security problems were fixed in OpenSSH : - CVE-2006-4924: A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server. - CVE-2006-4925: If a remote attacker is able to inject network traffic this could be used to cause a client connection to close. - CVE-2006-5051: Fixed an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote. - CVE-2006-5052: Fixed a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected openssh packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openssh-askpass");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"openssh-4.2p1-18.9") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"openssh-askpass-4.2p1-18.9") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssh");
}
```

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_123325.NASL |
description | SunOS 5.10_x86: sshd patch. Date this patch was last updated by Sun : Jun/21/07 |
last seen | 2018-09-01 |
modified | 2018-08-13 |
plugin id | 25645 |
published | 2007-07-02 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=25645 |
title | Solaris 10 (x86) : 123325-03 |
code |

```nasl
#%NASL_MIN_LEVEL 80502
# @DEPRECATED@
#
# This script has been deprecated as the associated patch is not
# currently a recommended security fix.
#
# Disabled on 2011/10/24.
#
#
# (C) Tenable Network Security, Inc.
#
#

if ( ! defined_func("bn_random") ) exit(0);
include("compat.inc");

if(description)
{
  script_id(25645);
  script_version("1.22");

  script_name(english: "Solaris 10 (x86) : 123325-03");
  script_cve_id("CVE-2006-0225", "CVE-2006-4924");
  script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 123325-03");
  script_set_attribute(attribute: "description", value: 'SunOS 5.10_x86: sshd patch. Date this patch was last updated by Sun : Jun/21/07');
  script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date.");
  script_set_attribute(attribute: "see_also", value: "http://download.oracle.com/sunalerts/1000947.1.html");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_cwe_id(399);
  script_set_attribute(attribute:"plugin_publication_date", value: "2007/07/02");
  script_cvs_date("Date: 2019/10/25 13:36:24");
  script_set_attribute(attribute:"vuln_publication_date", value: "2005/09/28");
  script_end_attributes();

  script_summary(english: "Check for patch 123325-03");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  family["english"] = "Solaris Local Security Checks";
  script_family(english:family["english"]);

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/Solaris/showrev");
  exit(0);
}

# Deprecated.
exit(0, "The associated patch is not currently a recommended security fix.");
```

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_X86_123325-03.NASL |
description | SunOS 5.10_x86: sshd patch. Date this patch was last updated by Sun : Jun/21/07 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 107891 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107891 |
title | Solaris 10 (x86) : 123325-03 |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2006-0697.NASL |
description | Updated openssh packages that fix two security flaws are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22485 |
published | 2006-10-02 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/22485 |
title | CentOS 3 / 4 : openssh / openssl (CESA-2006:0697) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SA_2006_062.NASL |
description | The remote host is missing the patch for the advisory SUSE-SA:2006:062 (openssh). Several security problems were fixed in OpenSSH 4.4 and the bug fixes were back ported to the openssh versions in our products. - CVE-2006-4924: A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server. - CVE-2006-4925: If a remote attacker is able to inject network traffic this could be used to cause a client connection to close. - CVE-2006-5051: Fixed an unsafe signal handler reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote. - CVE-2006-5052: Fixed a GSSAPI authentication abort that could be used to determine the validity of user names on some platforms. |
last seen | 2019-10-28 |
modified | 2007-02-18 |
plugin id | 24440 |
published | 2007-02-18 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24440 |
title | SUSE-SA:2006:062: openssh |

NASL family | NewStart CGSL Local Security Checks |
NASL id | NEWSTART_CGSL_NS-SA-2019-0146_OPENSSH-LATEST.NASL |
description | The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by multiple vulnerabilities: - scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. (CVE-2006-0225) - sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. (CVE-2006-4924) - Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. (CVE-2006-5051) - Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. (CVE-2006-5794) - Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information. (CVE-2007-3102) - The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. (CVE-2010-4755) - The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. (CVE-2010-5107) - It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions. (CVE-2014-2532) - It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record. (CVE-2014-2653) - It was found that when OpenSSH was used in a Kerberos environment, remote authenticated users were allowed to log in as a different user if they were listed in the ~/.k5users file of that user, potentially bypassing intended authentication restrictions. (CVE-2014-9278) - It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks. (CVE-2015-5600) - It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. (CVE-2015-8325) - An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client. (CVE-2016-0777) - An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2016-1908) - A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210) Note that Nessus has not tested for this issue but has instead relied only on the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 127415 |
published | 2019-08-12 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/127415 |
title | NewStart CGSL MAIN 4.05 : openssh-latest Multiple Vulnerabilities (NS-SA-2019-0146) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2006-1011.NASL |
description | - Mon Oct 2 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-4.10 - improve gssapi-no-spnego patch (#208102) - CVE-2006-4924 - prevent DoS on deattack detector (#207957) - CVE-2006-5051 - don |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24029 |
published | 2007-01-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24029 |
title | Fedora Core 5 : openssh-4.3p2-4.10 (2006-1011) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2006-179.NASL |
description | Tavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector. This could allow a remote unauthenticated attacker to trigger excessive CPU utilization by sending a specially crafted SSH message, which would then deny ssh services to other users or processes (CVE-2006-4924, CVE-2006-4925). Please note that Mandriva ships with only SSH protocol version 2 enabled by default. Next, an unsafe signal handler was found by Mark Dowd. This signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication DoS, and theoretically a pre-authentication remote code execution in the case where some authentication methods like GSSAPI are enabled (CVE-2006-5051). Updated packages have been patched to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24565 |
published | 2007-02-18 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24565 |
title | Mandrake Linux Security Advisory : openssh (MDKSA-2006:179) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1189.NASL |
description | Several remote vulnerabilities have been discovered in OpenSSH, a free implementation of the Secure Shell protocol, which may lead to denial of service and potentially the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4924 Tavis Ormandy of the Google Security Team discovered a denial of service vulnerability in the mitigation code against complexity attacks, which might lead to increased CPU consumption until a timeout is triggered. This is only exploitable if support for SSH protocol version 1 is enabled. - CVE-2006-5051 Mark Dowd discovered that insecure signal handler usage could potentially lead to execution of arbitrary code through a double free. The Debian Security Team doesn |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22731 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22731 |
title | Debian DSA-1189-1 : openssh-krb5 - several vulnerabilities |

NASL family | F5 Networks Local Security Checks |
NASL id | F5_BIGIP_SOL6736.NASL |
description | The remote BIG-IP device is missing a patch required by a security advisory. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 88441 |
published | 2016-01-28 |
reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/88441 |
title | F5 Networks BIG-IP : OpenSSH vulnerabilities (SOL6736) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS10_123324.NASL |
description | SunOS 5.10: sshd patch. Date this patch was last updated by Sun : Jun/20/07 |
last seen | 2018-09-01 |
modified | 2018-08-13 |
plugin id | 25642 |
published | 2007-07-02 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=25642 |
title | Solaris 10 (sparc) : 123324-03 |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2006-0697.NASL |
description | Updated openssh packages that fix two security flaws are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22473 |
published | 2006-09-29 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/22473 |
title | RHEL 3 / 4 : openssh (RHSA-2006:0697) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS9_113273.NASL |
description | SunOS 5.9: /usr/lib/ssh/sshd patch. Date this patch was last updated by Sun : Oct/19/07 |
last seen | 2016-09-26 |
modified | 2011-09-18 |
plugin id | 13532 |
published | 2004-07-12 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=13532 |
title | Solaris 9 (sparc) : 113273-16 |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_OPENSSH-2184.NASL |
description | Several security problems were fixed in OpenSSH : - A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server. (CVE-2006-4924) - If a remote attacker is able to inject network traffic this could be used to cause a client connection to close. (CVE-2006-4925) - Fixed an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote. (CVE-2006-5051) - Fixed a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. (CVE-2006-5052) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29538 |
published | 2007-12-13 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29538 |
title | SuSE 10 Security Update : OpenSSH (ZYPP Patch Number 2184) |

NASL family | NewStart CGSL Local Security Checks |
NASL id | NEWSTART_CGSL_NS-SA-2019-0036_OPENSSH.NASL |
description | The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssh packages installed that are affected by multiple vulnerabilities: - scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. (CVE-2006-0225) - sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. (CVE-2006-4924) - Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. (CVE-2006-5051) - Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.
(CVE-2006-5794) - Unspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information. (CVE-2007-3102) - The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. (CVE-2010-4755) - The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections. (CVE-2010-5107) - It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions. (CVE-2014-2532) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127206 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127206 title NewStart CGSL CORE 5.04 / MAIN 5.04 : openssh Multiple Vulnerabilities (NS-SA-2019-0036) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-355-1.NASL description Tavis Ormandy discovered that the SSH daemon did not properly handle authentication packets with duplicated blocks. 
By sending specially crafted packets, a remote attacker could exploit this to cause the ssh daemon to drain all available CPU resources until the login grace time expired. (CVE-2006-4924) Mark Dowd discovered a race condition in the server last seen 2020-06-01 modified 2020-06-02 plugin id 27935 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27935 title Ubuntu 5.04 / 5.10 / 6.06 LTS : openssh vulnerabilities (USN-355-1) NASL family Misc. NASL id SUNSSH_PLAINTEXT_RECOVERY.NASL description The version of SunSSH running on the remote host has an information disclosure vulnerability. A design flaw in the SSH specification could allow a man-in-the-middle attacker to recover up to 32 bits of plaintext from an SSH-protected connection in the standard configuration. An attacker could exploit this to gain access to sensitive information. Note that this version of SunSSH is also prone to several additional issues but Nessus did not test for them. last seen 2020-06-01 modified 2020-06-02 plugin id 55992 published 2011-08-29 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/55992 title SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure NASL family MacOS X Local Security Checks NASL id MACOSX_10_4_9.NASL description The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. 
This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS - Disk Images - DS Plugins - Flash Player - GNU Tar - HFS - HID Family - ImageIO - Kernel - MySQL server - Networking - OpenSSH - Printing - QuickDraw Manager - servermgrd - SMB File Server - Software Update - sudo - WebLog last seen 2020-06-01 modified 2020-06-02 plugin id 24811 published 2007-03-13 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24811 title Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2006-272-02.NASL description New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 22468 published 2006-09-29 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22468 title Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : openssh (SSA:2006-272-02) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_114858.NASL description SunOS 5.9_x86: usr/lib/ssh/sshd Patch. Date this patch was last updated by Sun : Oct/18/07 last seen 2016-09-26 modified 2011-09-18 plugin id 13614 published 2004-07-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=13614 title Solaris 9 (x86) : 114858-13 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2006-0697.NASL description From Red Hat Security Advisory 2006:0697 : Updated openssh packages that fix two security flaws are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 
OpenSSH is OpenBSD last seen 2020-06-01 modified 2020-06-02 plugin id 67412 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67412 title Oracle Linux 4 : openssh (ELSA-2006-0697) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1212.NASL description Two denial of service problems have been found in the OpenSSH server. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-4924 The sshd support for ssh protocol version 1 does not properly handle duplicate incoming blocks. This could allow a remote attacker to cause sshd to consume significant CPU resources leading to a denial of service. - CVE-2006-5051 A signal handler race condition could potentially allow a remote attacker to crash sshd and could theoretically lead to the ability to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 23661 published 2006-11-20 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23661 title Debian DSA-1212-1 : openssh - Denial of service NASL family Fedora Local Security Checks NASL id FEDORA_2007-395.NASL description - Fri Mar 30 2007 Miloslav Trmac <mitr at redhat.com> - 4.3p2-4.12 - Fix an information leak in Kerberos password authentication (CVE-2006-5052) Resolves: #234640 - Fri Nov 10 2006 Tomas Mraz <tmraz at redhat.com> - 4.3p2-4.11 - CVE-2006-5794 - properly detect failed key verify in monitor (#214641) - kill all ssh sessions when stop is called in halt or reboot runlevel (#213008) - remove -TERM option from killproc so we don last seen 2020-06-01 modified 2020-06-02 plugin id 24926 published 2007-04-05 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/24926 title Fedora Core 5 : openssh-4.3p2-4.12.fc5 (2007-395) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0698.NASL description Updated openssh packages that fix several security issues in sshd are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD last seen 2020-06-01 modified 2020-06-02 plugin id 22474 published 2006-09-29 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22474 title RHEL 2.1 : openssh (RHSA-2006:0698) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_32DB37A550C311DBACF3000C6EC775D9.NASL description Problem Description The CRC compensation attack detector in the sshd(8) daemon, upon receipt of duplicate blocks, uses CPU time cubic in the number of duplicate blocks received. [CVE-2006-4924] A race condition exists in a signal handler used by the sshd(8) daemon to handle the LoginGraceTime option, which can potentially cause some cleanup routines to be executed multiple times. [CVE-2006-5051] Impact An attacker sending specially crafted packets to sshd(8) can cause a Denial of Service by using 100% of CPU time until a connection timeout occurs. Since this attack can be performed over multiple connections simultaneously, it is possible to cause up to MaxStartups (10 by default) sshd processes to use all the CPU time they can obtain. [CVE-2006-4924] The OpenSSH project believe that the race condition can lead to a Denial of Service or potentially remote code execution, but the FreeBSD Security Team has been unable to verify the exact impact. [CVE-2006-5051] Workaround The attack against the CRC compensation attack detector can be avoided by disabling SSH Protocol version 1 support in sshd_config(5). There is no workaround for the second issue. 
last seen 2020-06-01 modified 2020-06-02 plugin id 22488 published 2006-10-02 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22488 title FreeBSD : openssh -- multiple vulnerabilities (32db37a5-50c3-11db-acf3-000c6ec775d9) NASL family Misc. NASL id JUNIPER_NSM_2012_1.NASL description According to the version of one or more Juniper NSM servers running on the remote host, it is potentially vulnerable to multiple vulnerabilities, the worst of which may allow an authenticated user to trigger a denial of service condition or execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 69872 published 2013-09-13 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69872 title Juniper NSM Servers < 2012.1 Multiple Vulnerabilities
Oval
accepted | 2013-04-29T04:05:52.949-04:00 |
class | vulnerability |
contributors | Aharon Chernin (SCAP.com, LLC); Dragos Prisaca (G2, Inc.) |
definition_extensions | The operating system installed on the system is Red Hat Enterprise Linux 3 (oval:org.mitre.oval:def:11782); CentOS Linux 3.x (oval:org.mitre.oval:def:16651); The operating system installed on the system is Red Hat Enterprise Linux 4 (oval:org.mitre.oval:def:11831); CentOS Linux 4.x (oval:org.mitre.oval:def:16636); Oracle Linux 4.x (oval:org.mitre.oval:def:15990) |
description | sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. |
family | unix |
id | oval:org.mitre.oval:def:10462 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. |
version | 26 |

accepted | 2007-08-02T14:47:15.104-04:00 |
class | vulnerability |
contributors | Yuzheng Zhou (Opsware, Inc.) |
definition_extensions | Solaris 9 (SPARC) is installed (oval:org.mitre.oval:def:1457); Solaris 9 (x86) is installed (oval:org.mitre.oval:def:1683); Solaris 10 (SPARC) is installed (oval:org.mitre.oval:def:1440); Solaris 10 (x86) is installed (oval:org.mitre.oval:def:1926) |
description | sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. |
family | unix |
id | oval:org.mitre.oval:def:1193 |
status | accepted |
submitted | 2007-07-03T09:00:00.000-04:00 |
title | Security Vulnerability in the sshd(1M) Protocol Version 1 Implementation May Allow a Denial of Service to the Host |
version | 35 |
Statements
contributor | Mark J Cox |
lastmodified | 2007-03-14 |
organization | Red Hat |
statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc
- ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt
- ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
- http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability
- http://bugs.gentoo.org/show_bug.cgi?id=148228
- http://docs.info.apple.com/article.html?artnum=305214
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
- http://secunia.com/advisories/21923
- http://secunia.com/advisories/22091
- http://secunia.com/advisories/22116
- http://secunia.com/advisories/22158
- http://secunia.com/advisories/22164
- http://secunia.com/advisories/22183
- http://secunia.com/advisories/22196
- http://secunia.com/advisories/22208
- http://secunia.com/advisories/22236
- http://secunia.com/advisories/22245
- http://secunia.com/advisories/22270
- http://secunia.com/advisories/22298
- http://secunia.com/advisories/22352
- http://secunia.com/advisories/22362
- http://secunia.com/advisories/22487
- http://secunia.com/advisories/22495
- http://secunia.com/advisories/22823
- http://secunia.com/advisories/22926
- http://secunia.com/advisories/23038
- http://secunia.com/advisories/23241
- http://secunia.com/advisories/23340
- http://secunia.com/advisories/23680
- http://secunia.com/advisories/24479
- http://secunia.com/advisories/24799
- http://secunia.com/advisories/24805
- http://secunia.com/advisories/25608
- http://secunia.com/advisories/29371
- http://secunia.com/advisories/34274
- http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc
- http://security.gentoo.org/glsa/glsa-200609-17.xml
- http://security.gentoo.org/glsa/glsa-200611-06.xml
- http://securitytracker.com/id?1016931
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566
- http://sourceforge.net/forum/forum.php?forum_id=681763
- http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1
- http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm
- http://www.debian.org/security/2006/dsa-1189
- http://www.debian.org/security/2006/dsa-1212
- http://www.kb.cert.org/vuls/id/787448
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:179
- http://www.novell.com/linux/security/advisories/2006_24_sr.html
- http://www.novell.com/linux/security/advisories/2006_62_openssh.html
- http://www.openbsd.org/errata.html#ssh
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html
- http://www.osvdb.org/29152
- http://www.redhat.com/support/errata/RHSA-2006-0697.html
- http://www.redhat.com/support/errata/RHSA-2006-0698.html
- http://www.securityfocus.com/archive/1/447153/100/0/threaded
- http://www.securityfocus.com/bid/20216
- http://www.trustix.org/errata/2006/0054
- http://www.ubuntu.com/usn/usn-355-1
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html
- http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
- http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
- http://www.vupen.com/english/advisories/2006/3777
- http://www.vupen.com/english/advisories/2006/4401
- http://www.vupen.com/english/advisories/2006/4869
- http://www.vupen.com/english/advisories/2007/0930
- http://www.vupen.com/english/advisories/2007/1332
- http://www.vupen.com/english/advisories/2007/2119
- http://www.vupen.com/english/advisories/2009/0740
- http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29158
- https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg
- https://issues.rpath.com/browse/RPL-661
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193