openssh vulnerabilities

ID USN-355-1
Type ubuntu
Reporter Ubuntu
Modified 2006-10-02T00:00:00


Tavis Ormandy discovered that the SSH daemon did not properly handle authentication packets with duplicated blocks. By sending specially crafted packets, a remote attacker could exploit this to cause the ssh daemon to drain all available CPU resources until the login grace time expired. (CVE-2006-4924)

Mark Dowd discovered a race condition in the server’s signal handling. A remote attacker could exploit this to crash the server. (CVE-2006-5051)