HPSBUX02178 SSRT061267

Executive Summary

Summary
Title	HP-UX Secure Shell Remote Unauthorized Denial of Service (DoS)

Informations
Name	HPSBUX02178 SSRT061267	First vendor Publication	2006-12-01
Vendor	HP	Last vendor Modification	2006-12-05
Severity (Vendor)	N/A	Revision	2

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A potential security vulnerability has been identified with HP-UX running HP-UX Secure Shell. The vulnerability could be remotely exploited to allow a remote unauthorized user to create a Denial of Service (DoS).

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00815112

CWE : Common Weakness Enumeration

id	Name
CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9962

Oval ID:	oval:org.mitre.oval:def:9962
Title:	scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
Description:	scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-0225	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section openssh is earlier than 0:3.6.1p2-33.30.9 AND openssh-askpass is earlier than 0:3.6.1p2-33.30.9 AND openssh-server is earlier than 0:3.6.1p2-33.30.9 AND openssh-clients is earlier than 0:3.6.1p2-33.30.9 AND openssh-askpass-gnome is earlier than 0:3.6.1p2-33.30.9 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section openssh is earlier than 0:3.9p1-8.RHEL4.12 AND openssh-askpass is earlier than 0:3.9p1-8.RHEL4.12 AND openssh-server is earlier than 0:3.9p1-8.RHEL4.12 AND openssh-clients is earlier than 0:3.9p1-8.RHEL4.12 AND openssh-askpass-gnome is earlier than 0:3.9p1-8.RHEL4.12

Definition Id: oval:org.mitre.oval:def:1138

Oval ID:	oval:org.mitre.oval:def:1138
Title:	Security Vernulbility Relating to scp(1) Command May Allow Attackers to Execute Arbitrary Commands
Description:	scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-0225	Version:	1
Platform(s):	Sun Solaris 9 Sun Solaris 10	Product(s):
Definition Synopsis:
Solaris 9 (SPARC) Solaris 9 (SPARC) is installed AND NOT Patch 114356-12 or later installed OR Solaris 9 (x86) Solaris 9 (x86) is installed AND NOT Patch 114357-11 or later installed OR Solaris 10 (SPARC) Solaris 10 (SPARC) is installed AND NOT Patch 123324-03 or later installed OR Solaris 10 (x86) Solaris 10 (x86) is installed AND NOT Patch 123325-03 or later installed

Definition Id: oval:org.mitre.oval:def:1193

Oval ID:	oval:org.mitre.oval:def:1193
Title:	Security Vulnerability in the sshd(1M) Protocol Version 1 Implementation May Allow a Denial of Service to the Host
Description:	sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-4924	Version:	1
Platform(s):	Sun Solaris 9 Sun Solaris 10	Product(s):
Definition Synopsis:
Software section Solaris 9 (SPARC) Solaris 9 (SPARC) is installed AND NOT Patch 113273-15 or later installed OR Solaris 9 (x86) Solaris 9 (x86) is installed AND NOT Patch 114858-12 or later installed OR Solaris 10 (SPARC) Solaris 10 (SPARC) is installed AND NOT Patch 123324-03 or later installed OR Solaris 10 (x86) Solaris 10 (x86) is installed AND NOT Patch 123325-03 or later installed AND Configuration section sshd is configured to use version 1 of the protocol AND NOT sshd is configured to use default versions (including version 1)

Definition Id: oval:org.mitre.oval:def:10462

Oval ID:	oval:org.mitre.oval:def:10462
Title:	sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
Description:	sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-4924	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section openssh is earlier than 0:3.6.1p2-33.30.12 AND openssh-askpass is earlier than 0:3.6.1p2-33.30.12 AND openssh-server is earlier than 0:3.6.1p2-33.30.12 AND openssh-clients is earlier than 0:3.6.1p2-33.30.12 AND openssh-askpass-gnome is earlier than 0:3.6.1p2-33.30.12 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section openssh is earlier than 0:3.9p1-8.RHEL4.17 AND openssh-askpass is earlier than 0:3.9p1-8.RHEL4.17 AND openssh-server is earlier than 0:3.9p1-8.RHEL4.17 AND openssh-clients is earlier than 0:3.9p1-8.RHEL4.17 AND openssh-askpass-gnome is earlier than 0:3.9p1-8.RHEL4.17

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openbsd Openssh cpe:/a:openbsd:openssh:4.3p1 cpe:/a:openbsd:openssh:4.3 cpe:/a:openbsd:openssh:4.2p1 cpe:/a:openbsd:openssh:4.2 cpe:/a:openbsd:openssh:4.1p1 cpe:/a:openbsd:openssh:4.0p1 cpe:/a:openbsd:openssh:4.0 cpe:/a:openbsd:openssh:3.9.1p1 cpe:/a:openbsd:openssh:3.9.1 cpe:/a:openbsd:openssh:3.9 cpe:/a:openbsd:openssh:3.8.1p1 cpe:/a:openbsd:openssh:3.8.1 cpe:/a:openbsd:openssh:3.8 cpe:/a:openbsd:openssh:3.7.1p2 cpe:/a:openbsd:openssh:3.7.1p1 cpe:/a:openbsd:openssh:3.7.1 cpe:/a:openbsd:openssh:3.7 cpe:/a:openbsd:openssh:3.6.1p2 cpe:/a:openbsd:openssh:3.6.1p1 cpe:/a:openbsd:openssh:3.6.1 cpe:/a:openbsd:openssh:3.6 cpe:/a:openbsd:openssh:3.5p1 cpe:/a:openbsd:openssh:3.5 cpe:/a:openbsd:openssh:3.4p1 cpe:/a:openbsd:openssh:3.4 cpe:/a:openbsd:openssh:3.3p1 cpe:/a:openbsd:openssh:3.3 cpe:/a:openbsd:openssh:3.2.3p1 cpe:/a:openbsd:openssh:3.2.2p1 cpe:/a:openbsd:openssh:3.2.2 cpe:/a:openbsd:openssh:3.2 cpe:/a:openbsd:openssh:3.1p1 cpe:/a:openbsd:openssh:3.1 cpe:/a:openbsd:openssh:3.0p1 cpe:/a:openbsd:openssh:3.0.2p1 cpe:/a:openbsd:openssh:3.0.2 cpe:/a:openbsd:openssh:3.0.1p1 cpe:/a:openbsd:openssh:3.0.1 cpe:/a:openbsd:openssh:3.0 cpe:/a:openbsd:openssh:2.9p2 cpe:/a:openbsd:openssh:2.9p1 cpe:/a:openbsd:openssh:2.9.9p2 cpe:/a:openbsd:openssh:2.9.9 cpe:/a:openbsd:openssh:2.9 cpe:/a:openbsd:openssh:2.5.2 cpe:/a:openbsd:openssh:2.5.1 cpe:/a:openbsd:openssh:2.5 cpe:/a:openbsd:openssh:2.3 cpe:/a:openbsd:openssh:2.2 cpe:/a:openbsd:openssh:2.1.1 cpe:/a:openbsd:openssh:2.1 cpe:/a:openbsd:openssh:1.2.3 cpe:/a:openbsd:openssh:1.2.27 cpe:/a:openbsd:openssh:1.2.2 cpe:/a:openbsd:openssh:1.2.1 cpe:/a:openbsd:openssh:1.2	56

Open Source Vulnerability Database (OSVDB)

id	Description
29152	OpenSSH Identical Block Packet DoS
22692	OpenSSH scp Command Line Filename Processing Command Injection

Related	Severity
CVE-2006-4924	(High)
CVE-2006-0225	(Medium)

Same Subject	Severity
Login to view 11 more Alert(s)

Copyright Security-Database 2006-2013 - Powered by themself ;) in 0.4721s

Facebook rss twitter linkedin mail