Vulnerability Note VU#787448
OpenSSH fails to properly handle multiple identical blocks in a SSH packet
OpenSSH fails to properly handle multiple identical blocks in a SSH packet. This vulnerability may cause a denial-of-service condition.
OpenSSH is an open source client and server implementation of the Secure Shell (SSH) protocol. OpenSSH includes a cyclic redundancy check (CRC) compensation attack detection function that produces a checksum on a block of data in a SSH packet. This function was introduced to defend against exploitation of CRC weaknesses in version 1 of the SSH protocol (see VU#13877). Multiple identical blocks contained within a SSH packet may trigger a computationally expensive operation within the CRC attack detector that can lead to a denial of service. According to the OpenSSH 4.4 release notes:
[This vulnerability]...would cause sshd(8) to spin until the login grace time expired.
A remote, unauthenticated attacker could cause a denial-of service condition by sending specially crafted packets to the OpenSSH server that would cause it to use excessive CPU time until a connection timeout occurs.
Disable SSH version 1
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||-||13 Mar 2007|
|Avaya, Inc.||Affected||-||23 Oct 2006|
|Debian GNU/Linux||Affected||-||06 Oct 2006|
|FreeBSD, Inc.||Affected||-||04 Oct 2006|
|Gentoo Linux||Affected||-||02 Oct 2006|
|Hewlett-Packard Company||Affected||-||19 Jan 2007|
|Mandriva, Inc.||Affected||-||06 Oct 2006|
|OpenBSD||Affected||-||10 Nov 2006|
|OpenPKG||Affected||-||04 Oct 2006|
|OpenSSH||Affected||-||02 Oct 2006|
|Red Hat, Inc.||Affected||-||02 Oct 2006|
|rPath||Affected||-||02 Oct 2006|
|Slackware Linux Inc.||Affected||-||02 Oct 2006|
|SUSE Linux||Affected||-||23 Oct 2006|
|Trustix Secure Linux||Affected||-||06 Oct 2006|
CVSS Metrics (Learn More)
This issue was reported in the OpenSSH 4.4 release notes. OpenSSH credits Tavis Ormandy of the Google Security Team for reporting this issue.
This document was written by Chris Taschner.
- CVE IDs: CVE-2006-4924
- Date Public: 27 Sep 2006
- Date First Published: 04 Oct 2006
- Date Last Updated: 13 Mar 2007
- Severity Metric: 8.82
- Document Revision: 41
If you have feedback, comments, or additional information about this vulnerability, please send us email.