5 - CVE-2008-4109

Executive Summary

Informations
Name	CVE-2008-4109	First vendor Publication	2008-09-18
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4109

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-264	Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17752

Oval ID:	oval:org.mitre.oval:def:17752
Title:	USN-649-1 -- openssh vulnerabilities
Description:	It was discovered that the ForceCommand directive could be bypassed.
Family:	unix	Class:	patch
Reference(s):	USN-649-1 CVE-2008-1657 CVE-2008-4109	Version:	5
Platform(s):	Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10	Product(s):	openssh
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND openssh-server DPKG is earlier than 1:4.2p1-7ubuntu3.5 AND Release section Ubuntu 7.04 is installed AND openssh-server DPKG is earlier than 1:4.3p2-8ubuntu1.5 AND Release section Ubuntu 7.10 is installed AND openssh-server DPKG is earlier than 1:4.6p1-5ubuntu0.6

Definition Id: oval:org.mitre.oval:def:8085

Oval ID:	oval:org.mitre.oval:def:8085
Title:	DSA-1638 openssh -- denial of service
Description:	It has been discovered that the signal handler implementing the login timeout in Debian's version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service vulnerability (CVE-2008-4109). The problem was originally corrected in OpenSSH 4.4p1 (CVE-2006-5051), but the patch backported to the version released with etch was incorrect. Systems affected by this issue suffer from lots of zombie sshd processes. Processes stuck with a "[net]" process title have also been observed. Over time, a sufficient number of processes may accumulate such that further login attempts are impossible. Presence of these processes does not indicate active exploitation of this vulnerability. It is possible to trigger this denial of service condition by accident.
Family:	unix	Class:	patch
Reference(s):	DSA-1638 CVE-2006-5051 CVE-2008-4109	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	openssh
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section ssh-krb5 is earlier than 4.3p2-9etch3 AND ssh is earlier than 4.3p2-9etch3 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is hppa AND Packages section openssh-server is earlier than 4.3p2-9etch3 AND openssh-client is earlier than 4.3p2-9etch3 AND ssh-askpass-gnome is earlier than 4.3p2-9etch3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openbsd Openssh cpe:2.3:a:openbsd:openssh:5.8:p2:::::: cpe:2.3:a:openbsd:openssh:4.7:p1:::::: cpe:2.3:a:openbsd:openssh:4.6:p1:::::: cpe:2.3:a:openbsd:openssh:4.6:-:::::: cpe:2.3:a:openbsd:openssh:4.5:p1:::::: cpe:2.3:a:openbsd:openssh:4.5:-:::::: cpe:2.3:a:openbsd:openssh:4.4:p1:::::: cpe:2.3:a:openbsd:openssh:4.4:-:::::: cpe:2.3:a:openbsd:openssh:4.3:-:::::: cpe:2.3:a:openbsd:openssh:4.3:p1:::::: cpe:2.3:a:openbsd:openssh:4.3:p2:::::: cpe:2.3:a:openbsd:openssh:4.2:-:::::: cpe:2.3:a:openbsd:openssh:4.2:p1:::::: cpe:2.3:a:openbsd:openssh:4.1:p1:::::: cpe:2.3:a:openbsd:openssh:4.1:-:::::: cpe:2.3:a:openbsd:openssh:4.0:p1:::::: cpe:2.3:a:openbsd:openssh:4.0:-:::::: cpe:2.3:a:openbsd:openssh:3.9.1:p1:::::: cpe:2.3:a:openbsd:openssh:3.9.1:::::::* cpe:2.3:a:openbsd:openssh:3.9:-:::::: cpe:2.3:a:openbsd:openssh:3.9:p1:::::: cpe:2.3:a:openbsd:openssh:3.8.1:p1:::::: cpe:2.3:a:openbsd:openssh:3.8.1:-:::::: cpe:2.3:a:openbsd:openssh:3.8:p1:::::: cpe:2.3:a:openbsd:openssh:3.8:-:::::: cpe:2.3:a:openbsd:openssh:3.7.1:p2:::::: cpe:2.3:a:openbsd:openssh:3.7.1:p1:::::: cpe:2.3:a:openbsd:openssh:3.7.1:-:::::: cpe:2.3:a:openbsd:openssh:3.7:::::::* cpe:2.3:a:openbsd:openssh:3.6.1:p2:::::: cpe:2.3:a:openbsd:openssh:3.6.1:p1:::::: cpe:2.3:a:openbsd:openssh:3.6.1:-:::::: cpe:2.3:a:openbsd:openssh:3.6:p1:::::: cpe:2.3:a:openbsd:openssh:3.6:-:::::: cpe:2.3:a:openbsd:openssh:3.5:p1:::::: cpe:2.3:a:openbsd:openssh:3.5:-:::::: cpe:2.3:a:openbsd:openssh:3.4:p1:::::: cpe:2.3:a:openbsd:openssh:3.4:-:::::: cpe:2.3:a:openbsd:openssh:3.3:p1:::::: cpe:2.3:a:openbsd:openssh:3.3:-:::::: cpe:2.3:a:openbsd:openssh:3.2.3:p1:::::: cpe:2.3:a:openbsd:openssh:3.2.3:-:::::: cpe:2.3:a:openbsd:openssh:3.2.2:p1:::::: cpe:2.3:a:openbsd:openssh:3.2.2:-:::::: cpe:2.3:a:openbsd:openssh:3.2:::::::* cpe:2.3:a:openbsd:openssh:3.1:p1:::::: cpe:2.3:a:openbsd:openssh:3.1:-:::::: cpe:2.3:a:openbsd:openssh:3.0.2:-:::::: cpe:2.3:a:openbsd:openssh:3.0.2:p1:::::: cpe:2.3:a:openbsd:openssh:3.0.1:p1:::::: cpe:2.3:a:openbsd:openssh:3.0.1:-:::::: cpe:2.3:a:openbsd:openssh:3.0:p1:::::: cpe:2.3:a:openbsd:openssh:3.0:-:::::: cpe:2.3:a:openbsd:openssh:2.9.9:p1:::::: cpe:2.3:a:openbsd:openssh:2.9.9:-:::::: cpe:2.3:a:openbsd:openssh:2.9.9:p2:::::: cpe:2.3:a:openbsd:openssh:2.9:p2:::::: cpe:2.3:a:openbsd:openssh:2.9:p1:::::: cpe:2.3:a:openbsd:openssh:2.9:-:::::: cpe:2.3:a:openbsd:openssh:2.5.2:p2:::::: cpe:2.3:a:openbsd:openssh:2.5.2:-:::::: cpe:2.3:a:openbsd:openssh:2.5.1:p2:::::: cpe:2.3:a:openbsd:openssh:2.5.1:-:::::: cpe:2.3:a:openbsd:openssh:2.5.1:p1:::::: cpe:2.3:a:openbsd:openssh:2.5:::::::* cpe:2.3:a:openbsd:openssh:2.3.1:::::::* cpe:2.3:a:openbsd:openssh:2.3.0:p1:::::: cpe:2.3:a:openbsd:openssh:2.3.0:-:::::: cpe:2.3:a:openbsd:openssh:2.3:::::::* cpe:2.3:a:openbsd:openssh:2.2.0:p1:::::: cpe:2.3:a:openbsd:openssh:2.2.0:-:::::: cpe:2.3:a:openbsd:openssh:2.2:::::::* cpe:2.3:a:openbsd:openssh:2.1.1:-:::::: cpe:2.3:a:openbsd:openssh:2.1.1:p4:::::: cpe:2.3:a:openbsd:openssh:2.1.1:p3:::::: cpe:2.3:a:openbsd:openssh:2.1.1:p2:::::: cpe:2.3:a:openbsd:openssh:2.1.1:p1:::::: cpe:2.3:a:openbsd:openssh:2.1.0:p1:::::: cpe:2.3:a:openbsd:openssh:2.1.0:-:::::: cpe:2.3:a:openbsd:openssh:2.1:::::::* cpe:2.3:a:openbsd:openssh:2:::::::* cpe:2.3:a:openbsd:openssh:1.5.8:::::::* cpe:2.3:a:openbsd:openssh:1.5.7:::::::* cpe:2.3:a:openbsd:openssh:1.5:::::::* cpe:2.3:a:openbsd:openssh:1.3:::::::* cpe:2.3:a:openbsd:openssh:1.2.3:-:::::: cpe:2.3:a:openbsd:openssh:1.2.3:p1:::::: cpe:2.3:a:openbsd:openssh:1.2.27:::::::* cpe:2.3:a:openbsd:openssh:1.2.2:-:::::: cpe:2.3:a:openbsd:openssh:1.2.2:p1:::::: cpe:2.3:a:openbsd:openssh:1.2.1:::::::* cpe:2.3:a:openbsd:openssh:1.2:::::::* cpe:2.3:a:openbsd:openssh:::::::: cpe:2.3:a:openbsd:openssh:-:::::::*	94

OpenVAS Exploits

Date	Description
2009-10-13	Name : SLES10: Security update for OpenSSH File : nvt/sles10_openssh.nasl
2009-10-10	Name : SLES9: Security update for OpenSSH File : nvt/sles9p5036180.nasl
2009-03-23	Name : Ubuntu Update for openssh vulnerabilities USN-649-1 File : nvt/gb_ubuntu_USN_649_1.nasl
2008-09-24	Name : Debian Security Advisory DSA 1638-1 (openssh) File : nvt/deb_1638_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
29264	OpenSSH Signal Handler Pre-authentication Race Condition Code Execution OpenSSH (portable) contains a flaw that may allow a remote attacker to execute arbitrary code under some circumstances. When configured with GSSAPI authentication, the signal handler is prone to a race condition that could be exploited to conduct a Denial of Service and possibly execute arbitrary code. No further details have been provided. Note: On OpenSSH, this vulnerability can only be leveraged for a remote Denial of Service. The conditions for remote exploitation to execute arbitrary code are considered to be unlikely.

Description

29264

OpenSSH Signal Handler Pre-authentication Race Condition Code Execution

OpenSSH (portable) contains a flaw that may allow a remote attacker to execute arbitrary code under some circumstances. When configured with GSSAPI authentication, the signal handler is prone to a race condition that could be exploited to conduct a Denial of Service and possibly execute arbitrary code. No further details have been provided. Note: On OpenSSH, this vulnerability can only be leveraged for a remote Denial of Service. The conditions for remote exploitation to execute arbitrary code are considered to be unlikely.

Nessus® Vulnerability Scanner

Date	Description
2011-08-29	Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12257.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-649-1.nasl - Type : ACT_GATHER_INFO
2008-10-01	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssh-5627.nasl - Type : ACT_GATHER_INFO
2008-09-17	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1638.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-355-1.nasl - Type : ACT_GATHER_INFO
2007-02-18	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-179.nasl - Type : ACT_GATHER_INFO
2006-09-28	Name : The remote SSH server is affected by multiple vulnerabilities. File : openssh_44.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html
http://secunia.com/advisories/31885
http://secunia.com/advisories/32080
http://secunia.com/advisories/32181
http://www.debian.org/security/2008/dsa-1638
http://www.openwall.com/lists/oss-security/2024/07/01/3
http://www.securitytracker.com/id?1020891
http://www.ubuntu.com/usn/usn-649-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/45202

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 23:13:30	Multiple Updates
2024-11-28 12:16:30	Multiple Updates
2024-08-02 12:09:48	Multiple Updates
2024-08-02 01:02:47	Multiple Updates
2024-07-01 21:27:46	Multiple Updates
2024-02-02 01:09:21	Multiple Updates
2024-02-01 12:02:46	Multiple Updates
2023-09-05 12:08:43	Multiple Updates
2023-09-05 01:02:37	Multiple Updates
2023-09-02 12:08:50	Multiple Updates
2023-09-02 01:02:38	Multiple Updates
2023-08-12 12:10:25	Multiple Updates
2023-08-12 01:02:38	Multiple Updates
2023-08-11 12:08:53	Multiple Updates
2023-08-11 01:02:43	Multiple Updates
2023-08-06 12:08:30	Multiple Updates
2023-08-06 01:02:39	Multiple Updates
2023-08-04 12:08:35	Multiple Updates
2023-08-04 01:02:42	Multiple Updates
2023-07-14 12:08:34	Multiple Updates
2023-07-14 01:02:39	Multiple Updates
2023-03-29 01:09:46	Multiple Updates
2023-03-28 12:02:45	Multiple Updates
2022-10-11 12:07:36	Multiple Updates
2022-10-11 01:02:29	Multiple Updates
2022-08-05 12:07:07	Multiple Updates
2020-07-25 12:03:41	Multiple Updates
2020-05-24 01:04:46	Multiple Updates
2020-05-23 00:22:16	Multiple Updates
2019-10-09 01:02:42	Multiple Updates
2017-08-08 09:24:23	Multiple Updates
2016-06-28 17:18:00	Multiple Updates
2016-04-26 17:49:48	Multiple Updates
2014-02-17 10:46:36	Multiple Updates
2013-05-11 00:26:25	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	2
CPE ID(s)	94
Sources(s)	10
osvdb(s)	1
Openvas Exploit(s)	4
Nessus® Exploit(s)	8

	Related
9.3	DSA-1638
8.1	CVE-2024-6387
6.5	USN-649-1
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

5 - CVE-2008-4109

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU