OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS

2006-03-01T06:14:39
ID OSVDB:23797
Type osvdb
Reporter William M. Grim(wgrim@siue.edu)
Modified 2006-03-01T06:14:39

Description

Vulnerability Description

OpenSSH, as used with OpenPAM on FreeBSD, and possibly other platforms, contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the way each program handles forked processes and calls to the PAM resources. Due to this conflict, an attacker can make repeated connections to the OpenSSH service causing it to stop processing new connections.

Technical Description

The vulnerability is due to OpenSSH and OpenPAM having conflicting designs and only manifests in systems using both.

Solution Description

Upgrade to version 3.9p1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

OpenSSH, as used with OpenPAM on FreeBSD, and possibly other platforms, contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the way each program handles forked processes and calls to the PAM resources. Due to this conflict, an attacker can make repeated connections to the OpenSSH service causing it to stop processing new connections.

References:

Vendor URL: http://www.openssh.org/ Vendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248125 Vendor Specific Advisory URL Security Tracker: 1015706 Other Advisory URL: http://bugzilla.mindrot.org/show_bug.cgi?id=839 FrSIRT Advisory: ADV-2006-0805 CVE-2006-0883 Bugtraq ID: 16892