7.8

CVE-2006-4924

Exploit
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenbsdOpenssh Version1.2
OpenbsdOpenssh Version1.2.1
OpenbsdOpenssh Version1.2.2
OpenbsdOpenssh Version1.2.3
OpenbsdOpenssh Version1.2.27
OpenbsdOpenssh Version2.1
OpenbsdOpenssh Version2.1.1
OpenbsdOpenssh Version2.2
OpenbsdOpenssh Version2.3
OpenbsdOpenssh Version2.5
OpenbsdOpenssh Version2.5.1
OpenbsdOpenssh Version2.5.2
OpenbsdOpenssh Version2.9
OpenbsdOpenssh Version2.9.9
OpenbsdOpenssh Version2.9.9p2
OpenbsdOpenssh Version2.9p1
OpenbsdOpenssh Version2.9p2
OpenbsdOpenssh Version3.0
OpenbsdOpenssh Version3.0.1
OpenbsdOpenssh Version3.0.1p1
OpenbsdOpenssh Version3.0.2
OpenbsdOpenssh Version3.0.2p1
OpenbsdOpenssh Version3.0p1
OpenbsdOpenssh Version3.1
OpenbsdOpenssh Version3.1p1
OpenbsdOpenssh Version3.2
OpenbsdOpenssh Version3.2.2
OpenbsdOpenssh Version3.2.2p1
OpenbsdOpenssh Version3.2.3p1
OpenbsdOpenssh Version3.3
OpenbsdOpenssh Version3.3p1
OpenbsdOpenssh Version3.4
OpenbsdOpenssh Version3.4p1
OpenbsdOpenssh Version3.5
OpenbsdOpenssh Version3.5p1
OpenbsdOpenssh Version3.6
OpenbsdOpenssh Version3.6.1
OpenbsdOpenssh Version3.6.1p1
OpenbsdOpenssh Version3.6.1p2
OpenbsdOpenssh Version3.7
OpenbsdOpenssh Version3.7.1
OpenbsdOpenssh Version3.7.1p1
OpenbsdOpenssh Version3.7.1p2
OpenbsdOpenssh Version3.8
OpenbsdOpenssh Version3.8.1
OpenbsdOpenssh Version3.8.1p1
OpenbsdOpenssh Version3.9
OpenbsdOpenssh Version3.9.1
OpenbsdOpenssh Version3.9.1p1
OpenbsdOpenssh Version4.0
OpenbsdOpenssh Version4.0p1
OpenbsdOpenssh Version4.1p1
OpenbsdOpenssh Version4.2
OpenbsdOpenssh Version4.2p1
OpenbsdOpenssh Version4.3
OpenbsdOpenssh Version4.3p1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 34.67% 0.982
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/22196
Vendor Advisory
http://secunia.com/advisories/23680
http://www.redhat.com/support/errata/RHSA-2006-0698.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://secunia.com/advisories/23340
Vendor Advisory
http://docs.info.apple.com/article.html?artnum=305214
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
http://secunia.com/advisories/24479
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
US Government Resource
http://www.vupen.com/english/advisories/2007/0930
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
http://secunia.com/advisories/23241
Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm
http://www.vupen.com/english/advisories/2006/4869
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://secunia.com/advisories/22487
Vendor Advisory
http://secunia.com/advisories/22298
Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_24_sr.html
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc
ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt
http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability
http://bugs.gentoo.org/show_bug.cgi?id=148228
http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
http://secunia.com/advisories/21923
Vendor Advisory
http://secunia.com/advisories/22091
Vendor Advisory
http://secunia.com/advisories/22116
Vendor Advisory
http://secunia.com/advisories/22158
Vendor Advisory
http://secunia.com/advisories/22164
Vendor Advisory
http://secunia.com/advisories/22183
Vendor Advisory
http://secunia.com/advisories/22208
Vendor Advisory
http://secunia.com/advisories/22236
Vendor Advisory
http://secunia.com/advisories/22245
Vendor Advisory
http://secunia.com/advisories/22270
Vendor Advisory
http://secunia.com/advisories/22352
Vendor Advisory
http://secunia.com/advisories/22362
Vendor Advisory
http://secunia.com/advisories/22495
Vendor Advisory
http://secunia.com/advisories/22823
Vendor Advisory
http://secunia.com/advisories/22926
Vendor Advisory
http://secunia.com/advisories/23038
Vendor Advisory
http://secunia.com/advisories/24799
http://secunia.com/advisories/24805
http://secunia.com/advisories/25608
http://secunia.com/advisories/29371
http://secunia.com/advisories/34274
http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc
http://security.gentoo.org/glsa/glsa-200609-17.xml
http://security.gentoo.org/glsa/glsa-200611-06.xml
http://securitytracker.com/id?1016931
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566
http://sourceforge.net/forum/forum.php?forum_id=681763
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1
http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm
http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html
http://www.debian.org/security/2006/dsa-1189
Patch
http://www.debian.org/security/2006/dsa-1212
Patch
http://www.kb.cert.org/vuls/id/787448
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:179
http://www.novell.com/linux/security/advisories/2006_62_openssh.html
http://www.openbsd.org/errata.html#ssh
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html
http://www.osvdb.org/29152
http://www.redhat.com/support/errata/RHSA-2006-0697.html
http://www.securityfocus.com/archive/1/447153/100/0/threaded
http://www.securityfocus.com/bid/20216
Patch
Exploit
http://www.trustix.org/errata/2006/0054
http://www.ubuntu.com/usn/usn-355-1
http://www.vupen.com/english/advisories/2006/3777
http://www.vupen.com/english/advisories/2006/4401
http://www.vupen.com/english/advisories/2007/1332
http://www.vupen.com/english/advisories/2007/2119
http://www.vupen.com/english/advisories/2009/0740
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/29158
https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg
https://issues.rpath.com/browse/RPL-661
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193