CVEs with nessus.description ==

Problem Description

The CRC compensation attack detector in the sshd(8) daemon, upon receipt of duplicate blocks, uses CPU time cubic in the number of duplicate blocks received. [CVE-2006-4924]

A race condition exists in a signal handler used by the sshd(8) daemon to handle the LoginGraceTime option, which can potentially cause some cleanup routines to be executed multiple times. [CVE-2006-5051]

Impact

An attacker sending specially crafted packets to sshd(8) can cause a Denial of Service by using 100% of CPU time until a connection timeout occurs. Since this attack can be performed over multiple connections simultaneously, it is possible to cause up to MaxStartups (10 by default) sshd processes to use all the CPU time they can obtain. [CVE-2006-4924]

The OpenSSH project believe that the race condition can lead to a Denial of Service or potentially remote code execution, but the FreeBSD Security Team has been unable to verify the exact impact. [CVE-2006-5051]

Workaround

The attack against the CRC compensation attack detector can be avoided by disabling SSH Protocol version 1 support in sshd_config(5).

There is no workaround for the second issue
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |