
CERT-In Vulnerability Note CIVN-2006-93
OpenSSH Identical Blocks Denial of Service Vulnerability

Original Issue Date: September 28, 2006

Severity Rating: Medium

Systems Affected

  • OpenSSH 3.x
  • OpenSSH 4.x

Overview

A vulnerability has been reported in OpenSSH which could be exploited by remote attackers to cause a denial of service.

Description

A vulnerability has been reported in OpenSSH due to an error in handling multiple identical blocks in an SSH packet. If SSH protocol 1 is enabled, a remote attacker could exploit this to cause a DoS by sending a specially crafted SSH packet.
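
The protocol 1 condition above can be checked on a server before and after patching. The following is an added example, not part of the original advisory or of OpenSSH: a hypothetical helper, ssh1_status, that reads an sshd_config file and reports whether protocol 1 is enabled. It assumes that OpenSSH 3.x and 4.x default to "Protocol 2,1" when no Protocol directive is present.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether an sshd_config
# leaves SSH protocol 1 enabled, the precondition named in the Description.
# Assumption: OpenSSH 3.x/4.x default to "Protocol 2,1" when the directive
# is absent, so a config without a Protocol line is reported as "enabled".

# ssh1_status FILE -> prints "enabled" or "disabled"; returns 2 if unreadable.
ssh1_status() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    awk '
        /^[ \t]*#/ { next }              # comment line
        /^[ \t]*$/ { next }              # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)     # leading indentation
            sub(/[ \t\r]+$/, "", line)   # trailing blanks and CR
            # Keyword and value are separated by whitespace or "=".
            split(line, parts, /[ \t=]+/)
            if (tolower(parts[1]) != "protocol") next
            value = parts[2]             # sshd keeps the first value it reads
            found = 1
            exit
        }
        END {
            if (!found) value = "2,1"    # assumed default, see header
            n = split(value, versions, ",")
            for (i = 1; i <= n; i++)
                if (versions[i] == "1") { print "enabled"; exit }
            print "disabled"
        }
    ' "$1"
}

# With a path argument, audit that file; otherwise run on a constructed sample.
if [ "$#" -gt 0 ]; then
    ssh1_status "$1"
else
    sample=$(mktemp)
    printf '%s\n' '# constructed sample' 'Port 22' 'protocol 2,1' > "$sample"
    ssh1_status "$sample"                # prints: enabled
    rm -f "$sample"
fi
```

A result of "disabled" only means the protocol 1 precondition is absent from that file; the vendor patch is still the fix the advisory calls for.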

Solution

Apply the appropriate patch suggested by the vendor.

Vendor information

OpenSSH
www.openssh.com

References

RedHat
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955

Secunia
http://secunia.com/advisories/22091/

CVE Name
CVE-2006-4924

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003