Lucene search

K
ubuntucveUbuntu.comUB:CVE-2008-4109
HistorySep 18, 2008 - 12:00 a.m.

CVE-2008-4109

2008-09-1800:00:00
ubuntu.com
ubuntu.com
9

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.045 Low

EPSS

Percentile

92.3%

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before
4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses
functions that are not async-signal-safe in the signal handler for login
timeouts, which allows remote attackers to cause a denial of service
(connection slot exhaustion) via multiple login attempts. NOTE: this issue
exists because of an incorrect fix for CVE-2006-5051.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchopenssh< 1:4.2p1-7ubuntu3.5UNKNOWN
ubuntu7.04noarchopenssh< 1:4.3p2-8ubuntu1.5UNKNOWN

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.045 Low

EPSS

Percentile

92.3%