Software Engineering Institute

OpenSSH is an open source client and server implementation of the Secure Shell (SSH) protocol. OpenSSH includes a cyclic redundancy check (CRC) compensation attack detection function that produces a checksum on a block of data in a SSH packet. This function was introduced to defend against exploitation of CRC weaknesses in version 1 of the SSH protocol (see VU#13877). Multiple identical blocks contained within a SSH packet may trigger a computationally expensive operation within the CRC attack detector that can lead to a denial of service. According to the OpenSSH 4.4 release notes:

[This vulnerability]...would cause sshd(8) to spin until the login grace time expired.
The OpenSSH sshd daemon is only vulnerable when SSH protocol version 1 is enabled.

A remote, unauthenticated attacker could cause a denial-of service condition by sending specially crafted packets to the OpenSSH server that would cause it to use excessive CPU time until a connection timeout occurs.

Upgrade
See the systems affected section of this document for information about specific vendors. Users who compile OpenSSH from source are encouraged to update to the most recent version.

Disable SSH version 1

SSH protocol version 1 should be disabled in order to prevent this vulnerability from occurring on affected systems.