Lucene search

Debian: Security Advisory (DSA-1638-1)

The remote host is missing an update for the Debian 'openssh' package(s) announced via the DSA-1638-1 advisory. It has been discovered that the signal handler implementing the login timeout in Debian's version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service vulnerability (CVE-2008-4109). The problem was originally corrected in OpenSSH 4.4p1 (CVE-2006-5051), but the patch backported to the version released with etch was incorrect. We recommend that you upgrade your openssh packages

Reporter	Title	Published	Views	Family All 143
Prion	Code injection	18 Sep 200815:04	–	prion
Cvelist	CVE-2008-4109	17 Sep 200818:06	–	cvelist
Cvelist	CVE-2006-5051	27 Sep 200623:00	–	cvelist
Cvelist	CVE-2024-6387 Openssh: regresshion - race condition in ssh allows rce/dos	1 Jul 202412:37	–	cvelist
securityvulns	Multiple OpenSSH security vulnerabilities	3 Oct 200800:00	–	securityvulns
securityvulns	[SECURITY] [DSA 1638-1] New openssh packages fix denial of service	20 Sep 200800:00	–	securityvulns
securityvulns	[USN-649-1] OpenSSH vulnerabilities	3 Oct 200800:00	–	securityvulns
F5 Networks	K14742 : OpenSSH vulnerability CVE-2008-4109	30 Jul 201400:00	–	f5
F5 Networks	SOL14742 - OpenSSH vulnerability CVE-2008-4109	10 Oct 201300:00	–	f5
F5 Networks	SOL6736 - OpenSSH vulnerabilities CAN-2006-5051, CAN-2006-4924	10 Oct 200600:00	–	f5

Source	Link
security-tracker	www.security-tracker.debian.org/tracker/DSA-1638
debian	www.debian.org/security/2008/DSA-1638-1

# SPDX-FileCopyrightText: 2008 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.61639");
  script_cve_id("CVE-2006-5051", "CVE-2008-4109");
  script_tag(name:"creation_date", value:"2008-09-24 15:42:31 +0000 (Wed, 24 Sep 2008)");
  script_version("2024-02-05T05:05:38+0000");
  script_tag(name:"last_modification", value:"2024-02-05 05:05:38 +0000 (Mon, 05 Feb 2024)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2024-02-02 15:36:44 +0000 (Fri, 02 Feb 2024)");

  script_name("Debian: Security Advisory (DSA-1638-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 Greenbone AG");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB4");

  script_xref(name:"Advisory-ID", value:"DSA-1638-1");
  script_xref(name:"URL", value:"https://www.debian.org/security/2008/DSA-1638-1");
  script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-1638");

  script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'openssh' package(s) announced via the DSA-1638-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"It has been discovered that the signal handler implementing the login timeout in Debian's version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service vulnerability (CVE-2008-4109).

The problem was originally corrected in OpenSSH 4.4p1 (CVE-2006-5051), but the patch backported to the version released with etch was incorrect.

Systems affected by this issue suffer from lots of zombie sshd processes. Processes stuck with a '[net]' process title have also been observed. Over time, a sufficient number of processes may accumulate such that further login attempts are impossible. Presence of these processes does not indicate active exploitation of this vulnerability. It is possible to trigger this denial of service condition by accident.

For the stable distribution (etch), this problem has been fixed in version 4.3p2-9etch3.

For the unstable distribution (sid) and the testing distribution (lenny), this problem has been fixed in version 4.6p1-1.

We recommend that you upgrade your openssh packages.");

  script_tag(name:"affected", value:"'openssh' package(s) on Debian 4.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "DEB4") {

  if(!isnull(res = isdpkgvuln(pkg:"openssh-client", ver:"1:4.3p2-9etch3", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"openssh-client-udeb", ver:"1:4.3p2-9etch3", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"openssh-server", ver:"1:4.3p2-9etch3", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"openssh-server-udeb", ver:"1:4.3p2-9etch3", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"ssh", ver:"1:4.3p2-9etch3", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"ssh-askpass-gnome", ver:"1:4.3p2-9etch3", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"ssh-krb5", ver:"1:4.3p2-9etch3", rls:"DEB4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Sep 2008 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS29.3

CVSS38.1

EPSS0.86871

SSVC