SOL6736 - OpenSSH vulnerabilities CAN-2006-5051, CAN-2006-4924

This security advisory describes an OpenSSH Signal Handling vulnerability (CVE-2006-5051). A remote attacker could possibly leverage this flaw to cause a denial of service.

This security advisory also describes a denial of service bug (CVE-2006-4924) in the OpenSSH sshd server. A remote attacker can send a specially crafted SSH-1 request to the server causing the SSH daemon,sshd, to consume a large quantity of CPU resources.

Information about this advisory is available at the following locations:

Note: These links take you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051&gt;

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924&gt;

Note: The vulnerable F5 products listed use the SSH versions determined to be vulnerable to advisory CVE-2006-5051. However, the GSSAPI authentication features required to exploit the vulnerability are not enabled.

F5 Product Development tracked this issue as CR70329, CR70330, and CR70313 for BIG-IP LTM, BIG-IP GTM and BIG-IP ASM, and it was fixed in version 9.4.2. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM release notes.

F5 Product Development tracked this issue as CR70315 for Enterprise Manager, and it was fixed in version 1.4.1. For information about upgrading, refer to the Enterprise Manager release notes.