Vulnerability Note VU#787448
OpenSSH fails to properly handle multiple identical blocks in a SSH packet
OpenSSH fails to properly handle multiple identical blocks in a SSH packet. This vulnerability may cause a denial-of-service condition.
OpenSSH is an open source client and server implementation of the Secure Shell (SSH) protocol. OpenSSH includes a cyclic redundancy check (CRC) compensation attack detection function that produces a checksum on a block of data in a SSH packet. This function was introduced to defend against exploitation of CRC weaknesses in version 1 of the SSH protocol (see VU#13877). Multiple identical blocks contained within a SSH packet may trigger a computationally expensive operation within the CRC attack detector that can lead to a denial of service. According to the OpenSSH 4.4 release notes:
[This vulnerability]...would cause sshd(8) to spin until the login grace time expired.
A remote, unauthenticated attacker could cause a denial-of-service condition by sending specially crafted packets to the OpenSSH server that would cause it to use excessive CPU time until a connection timeout occurs.
Disable SSH version 1
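One way to verify that workaround on a host, as an added example that is not part of the advisory or of OpenSSH: the script resolves the effective `Protocol` setting of an sshd_config file and reports whether version 1 is still accepted. The function names and sample files are constructed for illustration, and the `2,1` value used when no `Protocol` line is present is an assumption about the affected releases that can be overridden with a second argument.

```sh
#!/bin/sh
# Added example: audit an sshd_config for SSH protocol version 1.

# effective_protocol FILE [DEFAULT]
# Prints the Protocol value sshd would use. Keywords are case-insensitive,
# the first occurrence of a keyword wins, and "keyword=value" is accepted.
# DEFAULT (assumed "2,1") is printed when no Protocol line exists.
effective_protocol() {
    awk -v def="${2:-2,1}" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)               # strip leading whitespace
            if (line == "" || line ~ /^#/) next    # skip blank lines and comments
            sub(/[ \t]*=[ \t]*/, " ", line)        # treat one "=" as a separator
            n = split(line, f, /[ \t]+/)
            if (tolower(f[1]) == "protocol" && n >= 2) {
                print f[2]; found = 1; exit        # first occurrence wins
            }
        }
        END { if (!found) print def }
    ' "$1"
}

# sshv1_enabled FILE [DEFAULT]
# Exit status 0 when version 1 appears in the effective protocol list.
sshv1_enabled() {
    case ",$(effective_protocol "$@")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample configurations (not taken from any real host).
demo_dir=$(mktemp -d)
printf '%s\n' '# legacy host' 'Port 22' 'protocol 2,1' 'Protocol 2' > "$demo_dir/weak"
printf '%s\n' 'Port 22' 'Protocol 2'                                > "$demo_dir/fixed"
printf '%s\n' 'Port 22' '#Protocol 2'                               > "$demo_dir/implicit"

for name in weak fixed implicit; do
    if sshv1_enabled "$demo_dir/$name"; then
        echo "$name: SSHv1 ENABLED (Protocol $(effective_protocol "$demo_dir/$name"))"
    else
        echo "$name: SSHv1 disabled"
    fi
done
rm -rf "$demo_dir"
```

The `weak` sample shows why the first occurrence matters: the later `Protocol 2` line never takes effect, so a naive search for `Protocol 2` would wrongly pass that file.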
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer, Inc. | Affected | - | 13 Mar 2007 |
| Avaya, Inc. | Affected | - | 23 Oct 2006 |
| Debian GNU/Linux | Affected | - | 06 Oct 2006 |
| FreeBSD, Inc. | Affected | - | 04 Oct 2006 |
| Gentoo Linux | Affected | - | 02 Oct 2006 |
| Hewlett-Packard Company | Affected | - | 19 Jan 2007 |
| Mandriva, Inc. | Affected | - | 06 Oct 2006 |
| OpenBSD | Affected | - | 10 Nov 2006 |
| OpenPKG | Affected | - | 04 Oct 2006 |
| OpenSSH | Affected | - | 02 Oct 2006 |
| Red Hat, Inc. | Affected | - | 02 Oct 2006 |
| rPath | Affected | - | 02 Oct 2006 |
| Slackware Linux Inc. | Affected | - | 02 Oct 2006 |
| SUSE Linux | Affected | - | 23 Oct 2006 |
| Trustix Secure Linux | Affected | - | 06 Oct 2006 |
This issue was reported in the OpenSSH 4.4 release notes. OpenSSH credits Tavis Ormandy of the Google Security Team for reporting this issue.
This document was written by Chris Taschner.
- CVE IDs: CVE-2006-4924
- Date Public: 27 Sep 2006
- Date First Published: 04 Oct 2006
- Date Last Updated: 13 Mar 2007
- Severity Metric: 8.82
- Document Revision: 41