Lucene search

[email protected]NVD:CVE-2010-5107

HistoryMar 07, 2013 - 8:55 p.m.

CVE-2010-5107

2013-03-0720:55:01

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

5.8

Confidence

High

EPSS

0.079

Percentile

94.3%

JSON

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.

Affected configurations

Nvd

Node

openbsdopensshRange≤6.1

openbsdopensshMatch1.2

openbsdopensshMatch1.2.1

openbsdopensshMatch1.2.2

openbsdopensshMatch1.2.3

openbsdopensshMatch1.2.27

openbsdopensshMatch1.3

openbsdopensshMatch1.5

openbsdopensshMatch1.5.7

openbsdopensshMatch1.5.8

openbsdopensshMatch2.1

openbsdopensshMatch2.1.1

openbsdopensshMatch2.2

openbsdopensshMatch2.3

openbsdopensshMatch2.3.1

openbsdopensshMatch2.5

openbsdopensshMatch2.5.1

openbsdopensshMatch2.5.2

openbsdopensshMatch2.9

openbsdopensshMatch2.9.9

openbsdopensshMatch2.9.9p2

openbsdopensshMatch2.9p1

openbsdopensshMatch2.9p2

openbsdopensshMatch3.0

openbsdopensshMatch3.0.1

openbsdopensshMatch3.0.1p1

openbsdopensshMatch3.0.2

openbsdopensshMatch3.0.2p1

openbsdopensshMatch3.0p1

openbsdopensshMatch3.1

openbsdopensshMatch3.1p1

openbsdopensshMatch3.2

openbsdopensshMatch3.2.2

openbsdopensshMatch3.2.2p1

openbsdopensshMatch3.2.3p1

openbsdopensshMatch3.3

openbsdopensshMatch3.3p1

openbsdopensshMatch3.4

openbsdopensshMatch3.4p1

openbsdopensshMatch3.5

openbsdopensshMatch3.5p1

openbsdopensshMatch3.6

openbsdopensshMatch3.6.1

openbsdopensshMatch3.6.1p1

openbsdopensshMatch3.6.1p2

openbsdopensshMatch3.7

openbsdopensshMatch3.7.1

openbsdopensshMatch3.7.1p1

openbsdopensshMatch3.7.1p2

openbsdopensshMatch3.8

openbsdopensshMatch3.8.1

openbsdopensshMatch3.8.1p1

openbsdopensshMatch3.9

openbsdopensshMatch3.9.1

openbsdopensshMatch3.9.1p1

openbsdopensshMatch4.0

openbsdopensshMatch4.0p1

openbsdopensshMatch4.1

openbsdopensshMatch4.1p1

openbsdopensshMatch4.2

openbsdopensshMatch4.2p1

openbsdopensshMatch4.3

openbsdopensshMatch4.3p1

openbsdopensshMatch4.3p2

openbsdopensshMatch4.4

openbsdopensshMatch4.4p1

openbsdopensshMatch4.5

openbsdopensshMatch4.6

openbsdopensshMatch4.7

openbsdopensshMatch4.8

openbsdopensshMatch4.9

openbsdopensshMatch5.0

openbsdopensshMatch5.1

openbsdopensshMatch5.2

openbsdopensshMatch5.3

openbsdopensshMatch5.4

openbsdopensshMatch5.5

openbsdopensshMatch5.6

openbsdopensshMatch5.7

openbsdopensshMatch5.8

openbsdopensshMatch5.8p2

openbsdopensshMatch5.9

openbsdopensshMatch6.0

References

marc.info/?l=bugtraq&m=144050155601375&w=2

rhn.redhat.com/errata/RHSA-2013-1591.html

www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234

www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156

www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89

www.openwall.com/lists/oss-security/2013/02/07/3

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/58162

bugzilla.redhat.com/show_bug.cgi?id=908707

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19515

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19595

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

5.8

Confidence

High

EPSS

0.079

Percentile

94.3%

JSON

Related for NVD:CVE-2010-5107

nessus21 cvelist1 debiancve1 openvas11 veracode1 redhat2 fedora2 f52 ibm2 checkpoint_advisories2 oraclelinux2 ubuntucve1 prion1 cve1 centos1 seebug1 securityvulns5 aix1 gentoo1 oracle1