Executive Summary
Summary | |
---|---|
Title | New openssh-krb5 packages fix denial of service and potential execution of arbitrary code |
Informations | |||
---|---|---|---|
Name | DSA-1189 | First vendor Publication | 2006-10-04 |
Vendor | Debian | Last vendor Modification | 2006-10-04 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several remote vulnerabilities have been discovered in OpenSSH, a free implementation of the Secure Shell protocol, which may lead to denial of service and potentially the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4924 Tavis Ormandy of the Google Security Team discovered a denial of service vulnerability in the mitigation code against complexity attacks, which might lead to increased CPU consumption until a timeout is triggered. This is only exploitable if support for SSH protocol version 1 is enabled. CVE-2006-5051 Mark Dowd discovered that insecure signal handler usage could potentially lead to execution of arbitrary code through a double free. The Debian Security Team doesn't believe the general openssh package without Kerberos support to be exploitable by this issue. However, due to the complexity of the underlying code we will issue an update to rule out all eventualities. For the stable distribution (sarge) these problems have been fixed in version 3.8.1p1-7sarge1. For the unstable distribution (sid) these problems have been fixed in version 4.3p2-4 of openssh. openssh-krb5 will soon be converted towards a transitional package against openssh. We recommend that you upgrade your openssh-krb5 packages. |
Original Source
Url : http://www.debian.org/security/2006/dsa-1189 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-415 | Double Free |
50 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10462 | |||
Oval ID: | oval:org.mitre.oval:def:10462 | ||
Title: | sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. | ||
Description: | sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4924 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11387 | |||
Oval ID: | oval:org.mitre.oval:def:11387 | ||
Title: | Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. | ||
Description: | Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-5051 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1193 | |||
Oval ID: | oval:org.mitre.oval:def:1193 | ||
Title: | Security Vulnerability in the sshd(1M) Protocol Version 1 Implementation May Allow a Denial of Service to the Host | ||
Description: | sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4924 | Version: | 1 |
Platform(s): | Sun Solaris 9 Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for OpenSSH File : nvt/sles9p5019505.nasl |
2009-02-27 | Name : Fedora Update for openssh FEDORA-2007-395 File : nvt/gb_fedora_2007_395_openssh_fc5.nasl |
2008-09-24 | Name : Debian Security Advisory DSA 1638-1 (openssh) File : nvt/deb_1638_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200609-17 (openssh) File : nvt/glsa_200609_17.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200611-06 (openssh) File : nvt/glsa_200611_06.nasl |
2008-09-04 | Name : FreeBSD Ports: openssh File : nvt/freebsd_openssh.nasl |
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc) File : nvt/freebsdsa_openssh3.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1189-1 (openssh-krb5) File : nvt/deb_1189_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6)) File : nvt/deb_1212_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-272-02 openssh File : nvt/esoft_slk_ssa_2006_272_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
29264 | OpenSSH Signal Handler Pre-authentication Race Condition Code Execution OpenSSH (portable) contains a flaw that may allow a remote attacker to execute arbitrary code under some circumstances. When configured with GSSAPI authentication, the signal handler is prone to a race condition that could be exploited to conduct a Denial of Service and possibly execute arbitrary code. No further details have been provided. Note: On OpenSSH, this vulnerability can only be leveraged for a remote Denial of Service. The conditions for remote exploitation to execute arbitrary code are considered to be unlikely. |
29152 | OpenSSH Identical Block Packet DoS OpenSSH contains a flaw that may allow a pre-authentication remote denial of service. The issue is triggered when SSH version 1 is used via an SSH packet that contains duplicate blocks, and will result in loss of availability for the service. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-08-16 | IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products Severity : Category I - VMSKEY : V0033662 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | OpenSSH sshd identical blocks DoS attempt RuleID : 17317 - Revision : 11 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-01-28 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL6736.nasl - Type : ACT_GATHER_INFO |
2013-09-13 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_2012_1.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0697.nasl - Type : ACT_GATHER_INFO |
2011-08-29 | Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-649-1.nasl - Type : ACT_GATHER_INFO |
2008-09-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1638.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssh-2184.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-355-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_openssh-2183.nasl - Type : ACT_GATHER_INFO |
2007-04-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-395.nasl - Type : ACT_GATHER_INFO |
2007-03-13 | Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_10_4_9.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-179.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_062.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1011.nasl - Type : ACT_GATHER_INFO |
2006-11-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200611-06.nasl - Type : ACT_GATHER_INFO |
2006-11-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1212.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1189.nasl - Type : ACT_GATHER_INFO |
2006-10-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_32db37a550c311dbacf3000c6ec775d9.nasl - Type : ACT_GATHER_INFO |
2006-10-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0697.nasl - Type : ACT_GATHER_INFO |
2006-09-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-272-02.nasl - Type : ACT_GATHER_INFO |
2006-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0697.nasl - Type : ACT_GATHER_INFO |
2006-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0698.nasl - Type : ACT_GATHER_INFO |
2006-09-28 | Name : The remote SSH server is affected by multiple vulnerabilities. File : openssh_44.nasl - Type : ACT_GATHER_INFO |
2006-09-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200609-17.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:26:15 |
|