CVE-2006-4924

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

Published: 2006-09-27 01:07
Updated: 2018-10-17 21:40

CVSS Score: 7.8 / 10
Vendor Product Version URI
Openbsd Openssh 3.0p1 cpe:/a:openbsd:openssh:3.0p1
Openbsd Openssh 3.0.1 cpe:/a:openbsd:openssh:3.0.1
Openbsd Openssh 3.0.2 cpe:/a:openbsd:openssh:3.0.2
Openbsd Openssh 3.4p1 cpe:/a:openbsd:openssh:3.4p1
Openbsd Openssh 3.2.2 cpe:/a:openbsd:openssh:3.2.2
Openbsd Openssh 3.6.1 cpe:/a:openbsd:openssh:3.6.1
Openbsd Openssh 3.8.1p1 cpe:/a:openbsd:openssh:3.8.1p1
Openbsd Openssh 1.2.27 cpe:/a:openbsd:openssh:1.2.27
Openbsd Openssh 3.0.2p1 cpe:/a:openbsd:openssh:3.0.2p1
Openbsd Openssh 2.1.1 cpe:/a:openbsd:openssh:2.1.1
Openbsd Openssh 2.9p1 cpe:/a:openbsd:openssh:2.9p1
Openbsd Openssh 2.9p2 cpe:/a:openbsd:openssh:2.9p2
Openbsd Openssh 2.5.2 cpe:/a:openbsd:openssh:2.5.2
Openbsd Openssh 2.5.1 cpe:/a:openbsd:openssh:2.5.1
Openbsd Openssh 1.2 cpe:/a:openbsd:openssh:1.2
Openbsd Openssh 3.0 cpe:/a:openbsd:openssh:3.0
Openbsd Openssh 3.9.1p1 cpe:/a:openbsd:openssh:3.9.1p1
Openbsd Openssh 3.2 cpe:/a:openbsd:openssh:3.2
Openbsd Openssh 3.1 cpe:/a:openbsd:openssh:3.1
Openbsd Openssh 3.8 cpe:/a:openbsd:openssh:3.8
Openbsd Openssh 3.7 cpe:/a:openbsd:openssh:3.7
Openbsd Openssh 3.9 cpe:/a:openbsd:openssh:3.9
Openbsd Openssh 3.4 cpe:/a:openbsd:openssh:3.4
Openbsd Openssh 3.3 cpe:/a:openbsd:openssh:3.3
Openbsd Openssh 3.6 cpe:/a:openbsd:openssh:3.6
Openbsd Openssh 3.5 cpe:/a:openbsd:openssh:3.5
Openbsd Openssh 3.9.1 cpe:/a:openbsd:openssh:3.9.1
Openbsd Openssh 2.9.9p2 cpe:/a:openbsd:openssh:2.9.9p2
Openbsd Openssh 3.2.2p1 cpe:/a:openbsd:openssh:3.2.2p1
Openbsd Openssh 4.3p1 cpe:/a:openbsd:openssh:4.3p1
Openbsd Openssh 4.1p1 cpe:/a:openbsd:openssh:4.1p1
Openbsd Openssh 3.6.1p2 cpe:/a:openbsd:openssh:3.6.1p2
Openbsd Openssh 3.6.1p1 cpe:/a:openbsd:openssh:3.6.1p1
Openbsd Openssh 3.1p1 cpe:/a:openbsd:openssh:3.1p1
Openbsd Openssh 3.3p1 cpe:/a:openbsd:openssh:3.3p1
Openbsd Openssh 3.5p1 cpe:/a:openbsd:openssh:3.5p1
Openbsd Openssh 3.7.1p2 cpe:/a:openbsd:openssh:3.7.1p2
Openbsd Openssh 3.7.1p1 cpe:/a:openbsd:openssh:3.7.1p1
Openbsd Openssh 3.7.1 cpe:/a:openbsd:openssh:3.7.1
Openbsd Openssh 3.0.1p1 cpe:/a:openbsd:openssh:3.0.1p1
Openbsd Openssh 2.1 cpe:/a:openbsd:openssh:2.1
Openbsd Openssh 2.3 cpe:/a:openbsd:openssh:2.3
Openbsd Openssh 2.2 cpe:/a:openbsd:openssh:2.2
Openbsd Openssh 4.0 cpe:/a:openbsd:openssh:4.0
Openbsd Openssh 1.2.1 cpe:/a:openbsd:openssh:1.2.1
Openbsd Openssh 1.2.2 cpe:/a:openbsd:openssh:1.2.2
Openbsd Openssh 1.2.3 cpe:/a:openbsd:openssh:1.2.3
Openbsd Openssh 2.9 cpe:/a:openbsd:openssh:2.9
Openbsd Openssh 2.9.9 cpe:/a:openbsd:openssh:2.9.9
Openbsd Openssh 2.5 cpe:/a:openbsd:openssh:2.5
Openbsd Openssh 4.3 cpe:/a:openbsd:openssh:4.3
Openbsd Openssh 4.2 cpe:/a:openbsd:openssh:4.2
Openbsd Openssh 3.8.1 cpe:/a:openbsd:openssh:3.8.1
Openbsd Openssh 4.0p1 cpe:/a:openbsd:openssh:4.0p1
Openbsd Openssh 3.2.3p1 cpe:/a:openbsd:openssh:3.2.3p1
Openbsd Openssh 4.2p1 cpe:/a:openbsd:openssh:4.2p1

CWE

CWE-399 (Resource Management Errors): Weaknesses in this category are related to improper management of system resources.

References

Source Link
FREEBSD ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc
SCO ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt
SGI ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
CONFIRM http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=148228
CONFIRM http://docs.info.apple.com/article.html?artnum=305214
APPLE http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
MLIST http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
FREEBSD http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc
GENTOO http://security.gentoo.org/glsa/glsa-200609-17.xml
GENTOO http://security.gentoo.org/glsa/glsa-200611-06.xml
SECTRACK http://securitytracker.com/id?1016931
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566
CONFIRM http://sourceforge.net/forum/forum.php?forum_id=681763
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm
MLIST http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html
DEBIAN http://www.debian.org/security/2006/dsa-1189
DEBIAN http://www.debian.org/security/2006/dsa-1212
CERT-VN http://www.kb.cert.org/vuls/id/787448
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:179
SUSE http://www.novell.com/linux/security/advisories/2006_24_sr.html
SUSE http://www.novell.com/linux/security/advisories/2006_62_openssh.html
OPENBSD http://www.openbsd.org/errata.html#ssh
OPENPKG http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html
REDHAT http://www.redhat.com/support/errata/RHSA-2006-0697.html
REDHAT http://www.redhat.com/support/errata/RHSA-2006-0698.html
HP http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
BID http://www.securityfocus.com/bid/20216
TRUSTIX http://www.trustix.org/errata/2006/0054
UBUNTU http://www.ubuntu.com/usn/usn-355-1
CERT http://www.us-cert.gov/cas/techalerts/TA07-072A.html
CONFIRM http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
CONFIRM http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
VUPEN http://www.vupen.com/english/advisories/2006/3777
VUPEN http://www.vupen.com/english/advisories/2006/4401
VUPEN http://www.vupen.com/english/advisories/2006/4869
VUPEN http://www.vupen.com/english/advisories/2007/0930
VUPEN http://www.vupen.com/english/advisories/2007/1332
VUPEN http://www.vupen.com/english/advisories/2007/2119
VUPEN http://www.vupen.com/english/advisories/2009/0740
MISC https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955
CONFIRM https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg
CONFIRM https://issues.rpath.com/browse/RPL-661
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/29158
BUGTRAQ http://www.securityfocus.com/archive/1/447153/100/0/threaded