CVE-2006-4924

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

CVSS 2.0 Base Score 7.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).

Overview

Type

OpenBSD OpenSSH

First reported: 2006-09-27 01:07:00

Last updated: 2018-10-17 21:40:00

Affected Software

OpenBSD OpenSSH 1.2

OpenBSD OpenSSH 1.2.1

OpenBSD OpenSSH 1.2.2

OpenBSD OpenSSH 1.2.3

OpenBSD OpenSSH 1.2.27

OpenBSD OpenSSH 2.1

OpenBSD OpenSSH 2.1.1

OpenBSD OpenSSH 2.2

OpenBSD OpenSSH 2.3

OpenBSD OpenSSH 2.5

OpenBSD OpenSSH 2.5.1

OpenBSD OpenSSH 2.5.2

OpenBSD OpenSSH 2.9

OpenBSD OpenSSH 2.9.9

OpenBSD OpenSSH 2.9.9 p2

OpenBSD OpenSSH 2.9 p1

OpenBSD OpenSSH 2.9 p2

OpenBSD OpenSSH 3.0

OpenBSD OpenSSH 3.0.1

OpenBSD OpenSSH 3.0.1 p1

OpenBSD OpenSSH 3.0.2

OpenBSD OpenSSH 3.0.2p1

OpenBSD OpenSSH 3.0 p1

OpenBSD OpenSSH 3.1

OpenBSD OpenSSH 3.1 p1

OpenBSD OpenSSH 3.2

OpenBSD OpenSSH 3.2.2

OpenBSD OpenSSH 3.2.2 p1

OpenBSD OpenSSH 3.2.3 p1

OpenBSD OpenSSH 3.3

OpenBSD OpenSSH 3.3 p1

OpenBSD OpenSSH 3.4

OpenBSD OpenSSH 3.4 p1

OpenBSD OpenSSH 3.5

OpenBSD OpenSSH 3.5 p1

OpenBSD OpenSSH 3.6

OpenBSD OpenSSH 3.6.1

OpenBSD OpenSSH 3.6.1 p1

OpenBSD OpenSSH 3.6.1 p2

OpenBSD OpenSSH 3.7

OpenBSD OpenSSH 3.7.1

OpenBSD OpenSSH 3.7.1 p1

OpenBSD OpenSSH 3.7.1 p2

OpenBSD OpenSSH 3.8

OpenBSD OpenSSH 3.8.1

OpenBSD OpenSSH 3.8.1 p1

OpenBSD OpenSSH 3.9

OpenBSD OpenSSH 3.9.1

OpenBSD OpenSSH 3.9.1 p1

OpenBSD OpenSSH 4.0

OpenBSD OpenSSH Portable 4.0.p1

OpenBSD OpenSSH Portable 4.1.p1

OpenBSD OpenSSH 4.2

OpenBSD OpenSSH Portable 4.2.p1

OpenBSD OpenSSH 4.3

OpenBSD OpenSSH Portable 4.3.p1

References

FreeBSD-SA-06:22.openssh

SCOSA-2008.2

20061001-01-P

http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability

http://bugs.gentoo.org/show_bug.cgi?id=148228

http://docs.info.apple.com/article.html?artnum=305214

HPSBUX02178

APPLE-SA-2007-03-13

[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released

21923 (Vendor Advisory)

22091 (Vendor Advisory)

22116 (Vendor Advisory)

22158 (Vendor Advisory)

22164 (Vendor Advisory)

22183 (Vendor Advisory)

22196 (Vendor Advisory)

22208 (Vendor Advisory)

22236 (Vendor Advisory)

22245 (Vendor Advisory)

22270 (Vendor Advisory)

22298 (Vendor Advisory)

22352 (Vendor Advisory)

22362 (Vendor Advisory)

22487 (Vendor Advisory)

22495 (Vendor Advisory)

22823 (Vendor Advisory)

22926 (Vendor Advisory)

23038 (Vendor Advisory)

23241 (Vendor Advisory)

23340 (Vendor Advisory)

23680

24479

24799

24805

25608

29371

34274

FreeBSD-SA-06:22

GLSA-200609-17

GLSA-200611-06

1016931

SSA:2006-272-02

http://sourceforge.net/forum/forum.php?forum_id=681763

http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227

102962

http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm

DSA-1189 (Patch)

DSA-1212 (Patch)

VU#787448 (US Government Resource)

MDKSA-2006:179

SUSE-SR:2006:024

SUSE-SA:2006:062

[2.9] 015: SECURITY FIX: October 12, 2006

OpenPKG-SA-2006.022

29152

RHSA-2006:0697

RHSA-2006:0698

20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server

20216 (Exploit, Patch)

2006-0054

USN-355-1

TA07-072A (US Government Resource)

http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

ADV-2006-3777

ADV-2006-4401

ADV-2006-4869

ADV-2007-0930

ADV-2007-1332

ADV-2007-2119

ADV-2009-0740

[security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955 (Patch, Vendor Advisory)

openssh-block-dos(29158)

https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg

https://issues.rpath.com/browse/RPL-661

oval:org.mitre.oval:def:10462

oval:org.mitre.oval:def:1193
