CVE-2004-2069

Severity

50%

Complexity

99%

Confidentiality

48%

sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

OpenBSD OpenSSH

First reported 20 years ago

2004-12-31 05:00:00

Last updated 6 years ago

2018-10-19 15:30:00

Affected Software

OpenBSD OpenSSH 3.6.1 p2

3.6.1p2

OpenBSD OpenSSH 3.7.1 p2

3.7.1p2

References

[openssh-unix-dev] 20040127 OpenSSH - Connection problem when LoginGraceTime exceeds time

[openssh-unix-dev] 20040128 Re: OpenSSH - Connection problem when LoginGraceTime exceeds time

RHSA-2005:550

17000

17135

17252

22875

23680

http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf

http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf

16567

FLSA-2006:168935

20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4

20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2

20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2

14963

http://www.vmware.com/download/esx/esx-202-200610-patch.html

http://www.vmware.com/download/esx/esx-213-200610-patch.html

http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

ADV-2006-4502

openssh-sshdc-logingracetime-dos(20930)

oval:org.mitre.oval:def:11541

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.