SkipNavigation
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric



 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

 

Vulnerability Note VU#851340

OpenSSH contains a race condition vulnerability

Overview

A race condition vulnerability exists in the OpenSSH daemon. Successful exploitation of this vulnerability may result in a denial-of-service condition.

I. Description

OpenSSH is an open source client and server implementation of the Secure Shell (SSH) protocol.

The OpenSSH server includes the ability to authenticate via the Generic Security Services Application Programming Interface (GSSAPI). Versions of OpenSSH prior to 4.4 contain a race condition in a signal handler during a logging operation prior to user authentication.

From the OpenSSH 4.4 release notes:

    The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. On portable OpenSSH, this vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote.

II. Impact

A remote, unauthenticated attacker may be able to cause the OpenSSH server to crash, thereby creating a denial-of-service condition

III. Solution

Upgrade

See the systems affected section of this document for information about specific vendors. Users who compile OpenSSH from source are encouraged to update to the most recent version.

Restrict access
Restricting access to the SSH daemon may mitigate the affects of this vulnerability. Administrators can use application-level access controls or firewall rules to restrict access to the SSH server.

Disable the OpenSSH server
If the SSH server functionality is not required, disabling it will limit exposure to this vulnerability. Refer to system-specific documentation on how to disable the OpenSSH server.

Systems Affected

VendorStatusDate Updated
Apple Computer, Inc.Vulnerable13-Mar-2007
FreeBSD, Inc.Vulnerable4-Oct-2006
OpenSSHUnknown3-Oct-2006
Red Hat, Inc.Vulnerable3-Oct-2006
UbuntuVulnerable3-Oct-2006

References


http://rhn.redhat.com/errata/RHSA-2006-0697.html
http://secunia.com/advisories/22173/
http://openssh.org/txt/release-4.4
http://secunia.com/advisories/22208/
http://secunia.com/advisories/22236/
http://secunia.com/advisories/22183/
http://www.ubuntu.com/usn/usn-355-1
http://tools.ietf.org/html/rfc2743
http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm
http://secunia.com/advisories/22362/
http://www.securityfocus.com/bid/20241
http://docs.info.apple.com/article.html?artnum=305214

Credit

OpenSSH credits Mark Dowd for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

Date Public09/29/2006
Date First Published10/04/2006 04:18:01 PM
Date Last Updated03/13/2007
CERT Advisory 
CVE-ID(s)CVE-2006-5051
NVD-ID(s)CVE-2006-5051
US-CERT Technical Alerts 
Metric1.66
Document Revision34

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader