FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-4924

This CVE name corresponds to:

Entered Topic
2006-09-30 openssh -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-4924
Phase Assigned (20060921)

Description

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

References

Source Reference
BUGTRAQ 20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server
MLIST [openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released
MLIST [security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability
MISC https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=148228
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm
CONFIRM http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
CONFIRM http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
CONFIRM https://issues.rpath.com/browse/RPL-661
CONFIRM http://docs.info.apple.com/article.html?artnum=305214
CONFIRM http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability
CONFIRM http://sourceforge.net/forum/forum.php?forum_id=681763
CONFIRM https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg
APPLE APPLE-SA-2007-03-13
DEBIAN DSA-1189
DEBIAN DSA-1212
FREEBSD FreeBSD-SA-06:22.openssh
FREEBSD FreeBSD-SA-06:22
GENTOO GLSA-200609-17
GENTOO GLSA-200611-06
HP HPSBUX02178
HP SSRT061267
MANDRIVA MDKSA-2006:179
OPENBSD [2.9] 015: SECURITY FIX: October 12, 2006
OPENPKG OpenPKG-SA-2006.022
REDHAT RHSA-2006:0698
REDHAT RHSA-2006:0697
SCO SCOSA-2008.2
SGI 20061001-01-P
SLACKWARE SSA:2006-272-02
SUNALERT 102962
SUSE SUSE-SR:2006:024
SUSE SUSE-SA:2006:062
TRUSTIX 2006-0054
UBUNTU USN-355-1
CERT TA07-072A
CERT-VN VU#787448
BID 20216
OVAL oval:org.mitre.oval:def:10462
SECUNIA 34274
VUPEN ADV-2006-3777
VUPEN ADV-2006-4401
VUPEN ADV-2006-4869
VUPEN ADV-2007-0930
VUPEN ADV-2007-1332
VUPEN ADV-2007-2119
OSVDB 29152
OVAL oval:org.mitre.oval:def:1193
SECTRACK 1016931
SECUNIA 22091
SECUNIA 21923
SECUNIA 22164
SECUNIA 22158
SECUNIA 22183
SECUNIA 22196
SECUNIA 22236
SECUNIA 22270
SECUNIA 22116
SECUNIA 22208
SECUNIA 22245
SECUNIA 22352
SECUNIA 22362
SECUNIA 22495
SECUNIA 22487
SECUNIA 22823
SECUNIA 22926
SECUNIA 23038
SECUNIA 23241
SECUNIA 22298
SECUNIA 23340
SECUNIA 23680
SECUNIA 24479
SECUNIA 24805
SECUNIA 25608
SECUNIA 24799
SECUNIA 29371
VUPEN ADV-2009-0740
XF openssh-block-dos(29158)