Lucene search

[email protected]CVE-2006-4924

HistorySep 27, 2006 - 1:07 a.m.

CVE-2006-4924

2006-09-2701:07:00

CWE-399

[email protected]

web.nvd.nist.gov

1269

cve-2006-4924

openssh

denial of service

ssh

cpu consumption

nvd

6.2 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.946 High

EPSS

Percentile

99.2%

JSON

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

CPENameOperatorVersion
openbsd:opensshopenbsd openssheq3.8
openbsd:opensshopenbsd openssheq3.8.1p1
openbsd:opensshopenbsd openssheq3.2.2
openbsd:opensshopenbsd openssheq3.1
openbsd:opensshopenbsd openssheq3.0.2p1
openbsd:opensshopenbsd openssheq3.8.1
openbsd:opensshopenbsd openssheq2.1.1
openbsd:opensshopenbsd openssheq3.7.1p2
openbsd:opensshopenbsd openssheq3.2.3p1
openbsd:opensshopenbsd openssheq3.1p1

CPE	Name	Operator	Version
openbsd:openssh	openbsd openssh	eq	3.8
openbsd:openssh	openbsd openssh	eq	3.8.1p1
openbsd:openssh	openbsd openssh	eq	3.2.2
openbsd:openssh	openbsd openssh	eq	3.1
openbsd:openssh	openbsd openssh	eq	3.0.2p1
openbsd:openssh	openbsd openssh	eq	3.8.1
openbsd:openssh	openbsd openssh	eq	2.1.1
openbsd:openssh	openbsd openssh	eq	3.7.1p2
openbsd:openssh	openbsd openssh	eq	3.2.3p1
openbsd:openssh	openbsd openssh	eq	3.1p1

Rows per page:

1-10 of 561

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc

ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt

ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability

bugs.gentoo.org/show_bug.cgi?id=148228

docs.info.apple.com/article.html?artnum=305214

itrc.hp.com/service/cki/docDisplay.do?docId=c00815112

lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

marc.info/?l=openssh-unix-dev&m=115939141729160&w=2

secunia.com/advisories/21923

secunia.com/advisories/22091

secunia.com/advisories/22116

secunia.com/advisories/22158

secunia.com/advisories/22164

secunia.com/advisories/22183

secunia.com/advisories/22196

secunia.com/advisories/22208

secunia.com/advisories/22236

secunia.com/advisories/22245

secunia.com/advisories/22270

secunia.com/advisories/22298

secunia.com/advisories/22352

secunia.com/advisories/22362

secunia.com/advisories/22487

secunia.com/advisories/22495

secunia.com/advisories/22823

secunia.com/advisories/22926

secunia.com/advisories/23038

secunia.com/advisories/23241

secunia.com/advisories/23340

secunia.com/advisories/23680

secunia.com/advisories/24479

secunia.com/advisories/24799

secunia.com/advisories/24805

secunia.com/advisories/25608

secunia.com/advisories/29371

secunia.com/advisories/34274

security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc

security.gentoo.org/glsa/glsa-200609-17.xml

security.gentoo.org/glsa/glsa-200611-06.xml

securitytracker.com/id?1016931

slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566

sourceforge.net/forum/forum.php?forum_id=681763

sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227

sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1

support.avaya.com/elmodocs2/security/ASA-2006-216.htm

support.avaya.com/elmodocs2/security/ASA-2006-262.htm

www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html

www.debian.org/security/2006/dsa-1189

www.debian.org/security/2006/dsa-1212

www.kb.cert.org/vuls/id/787448

www.mandriva.com/security/advisories?name=MDKSA-2006:179

www.novell.com/linux/security/advisories/2006_24_sr.html

www.novell.com/linux/security/advisories/2006_62_openssh.html

www.openbsd.org/errata.html#ssh

www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html

www.osvdb.org/29152

www.redhat.com/support/errata/RHSA-2006-0697.html

www.redhat.com/support/errata/RHSA-2006-0698.html

www.securityfocus.com/archive/1/447153/100/0/threaded

www.securityfocus.com/bid/20216

www.trustix.org/errata/2006/0054

www.ubuntu.com/usn/usn-355-1

www.us-cert.gov/cas/techalerts/TA07-072A.html

www.vmware.com/support/vi3/doc/esx-3069097-patch.html

www.vmware.com/support/vi3/doc/esx-9986131-patch.html

www.vupen.com/english/advisories/2006/3777

www.vupen.com/english/advisories/2006/4401

www.vupen.com/english/advisories/2006/4869

www.vupen.com/english/advisories/2007/0930

www.vupen.com/english/advisories/2007/1332

www.vupen.com/english/advisories/2007/2119

www.vupen.com/english/advisories/2009/0740

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955

exchange.xforce.ibmcloud.com/vulnerabilities/29158

hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg

issues.rpath.com/browse/RPL-661

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193

6.2 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.946 High

EPSS

Percentile

99.2%

JSON

CVE-2006-4924

References

Related