Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-0883 | First vendor Publication | 2006-03-06 |
Vendor | Cve | Last vendor Modification | 2017-07-20 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0883 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc) File : nvt/freebsdsa_openssh2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
23797 | OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS OpenSSH, as used with OpenPAM on FreeBSD, and possibly other platforms, contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the way each program handles forked processes and calls to the PAM resources. Due to this conflict, an attacker can make repeated connections to the OpenSSH service causing it to stop processing new connections. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-10-04 | Name : The SSH server running on the remote host has a denial of service vulnerability. File : openssh_381p1.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:03:52 |
|
2024-02-01 12:01:52 |
|
2023-09-05 12:03:38 |
|
2023-09-05 01:01:43 |
|
2023-09-02 12:03:41 |
|
2023-09-02 01:01:43 |
|
2023-08-12 12:04:16 |
|
2023-08-12 01:01:44 |
|
2023-08-11 12:03:45 |
|
2023-08-11 01:01:46 |
|
2023-08-06 12:03:32 |
|
2023-08-06 01:01:44 |
|
2023-08-04 12:03:36 |
|
2023-08-04 01:01:46 |
|
2023-07-14 12:03:35 |
|
2023-07-14 01:01:45 |
|
2023-03-29 01:03:49 |
|
2023-03-28 12:01:50 |
|
2022-10-11 12:03:12 |
|
2022-10-11 01:01:36 |
|
2022-08-05 12:03:08 |
|
2021-05-04 12:03:44 |
|
2021-04-22 01:04:16 |
|
2020-05-23 00:17:27 |
|
2019-03-19 12:02:01 |
|
2017-07-20 09:23:23 |
|
2016-06-28 15:38:05 |
|
2014-02-17 10:34:48 |
|
2013-05-11 10:50:11 |
|