CVE-2008-4109

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.

Published : 2008-09-18 15:04 Updated : 2017-08-08 01:32

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Openbsd Openssh 1.5.8 cpe:/a:openbsd:openssh:1.5.8
Openbsd Openssh 3.5 cpe:/a:openbsd:openssh:3.5
Openbsd Openssh 3.6 cpe:/a:openbsd:openssh:3.6
Openbsd Openssh 1.5 cpe:/a:openbsd:openssh:1.5
Openbsd Openssh 1.2.27 cpe:/a:openbsd:openssh:1.2.27
Openbsd Openssh 3.3 cpe:/a:openbsd:openssh:3.3
Openbsd Openssh 3.4 cpe:/a:openbsd:openssh:3.4
Openbsd Openssh 3.9 cpe:/a:openbsd:openssh:3.9
Openbsd Openssh 3.7 cpe:/a:openbsd:openssh:3.7
Openbsd Openssh 3.8 cpe:/a:openbsd:openssh:3.8
Openbsd Openssh 2 cpe:/a:openbsd:openssh:2
Openbsd Openssh 1.3 cpe:/a:openbsd:openssh:1.3
Openbsd Openssh 3.1 cpe:/a:openbsd:openssh:3.1
Openbsd Openssh 3.2 cpe:/a:openbsd:openssh:3.2
Openbsd Openssh 3.6.1p1 cpe:/a:openbsd:openssh:3.6.1p1
Openbsd Openssh 2.1.1 cpe:/a:openbsd:openssh:2.1.1
Openbsd Openssh 1.2 cpe:/a:openbsd:openssh:1.2
Openbsd Openssh 3.0 cpe:/a:openbsd:openssh:3.0
Openbsd Openssh 2.3.1 cpe:/a:openbsd:openssh:2.3.1
Openbsd Openssh 3.0.2p1 cpe:/a:openbsd:openssh:3.0.2p1
Openbsd Openssh 2.5.1 cpe:/a:openbsd:openssh:2.5.1
Openbsd Openssh 2.9p2 cpe:/a:openbsd:openssh:2.9p2
Openbsd Openssh 3.8.1 cpe:/a:openbsd:openssh:3.8.1
Openbsd Openssh 2.9p1 cpe:/a:openbsd:openssh:2.9p1
Openbsd Openssh 2.5.2 cpe:/a:openbsd:openssh:2.5.2
Openbsd Openssh 3.4p1 cpe:/a:openbsd:openssh:3.4p1
Openbsd Openssh 3.0.1 cpe:/a:openbsd:openssh:3.0.1
Openbsd Openssh 3.2.2 cpe:/a:openbsd:openssh:3.2.2
Openbsd Openssh 2.9.9 cpe:/a:openbsd:openssh:2.9.9
Openbsd Openssh 3.6.1p2 cpe:/a:openbsd:openssh:3.6.1p2
Openbsd Openssh 4.2p1 cpe:/a:openbsd:openssh:4.2p1
Openbsd Openssh 4.4p1 cpe:/a:openbsd:openssh:4.4p1
Openbsd Openssh 3.6.1 cpe:/a:openbsd:openssh:3.6.1
Openbsd Openssh 3.0.2 cpe:/a:openbsd:openssh:3.0.2
Openbsd Openssh 2.9.9p2 cpe:/a:openbsd:openssh:2.9.9p2
Openbsd Openssh 3.0p1 cpe:/a:openbsd:openssh:3.0p1
Openbsd Openssh 1.5.7 cpe:/a:openbsd:openssh:1.5.7
Openbsd Openssh 3.2.3p1 cpe:/a:openbsd:openssh:3.2.3p1
Openbsd Openssh 4.0p1 cpe:/a:openbsd:openssh:4.0p1
Openbsd Openssh 3.8.1p1 cpe:/a:openbsd:openssh:3.8.1p1
Openbsd Openssh 4.4 cpe:/a:openbsd:openssh:4.4
Openbsd Openssh 4.2 cpe:/a:openbsd:openssh:4.2
Openbsd Openssh 2.5 cpe:/a:openbsd:openssh:2.5
Openbsd Openssh 4.3 cpe:/a:openbsd:openssh:4.3
Openbsd Openssh 4.6 cpe:/a:openbsd:openssh:4.6
Openbsd Openssh 2.9 cpe:/a:openbsd:openssh:2.9
Openbsd Openssh 4.0 cpe:/a:openbsd:openssh:4.0
Openbsd Openssh 2.2 cpe:/a:openbsd:openssh:2.2
Openbsd Openssh 4.1 cpe:/a:openbsd:openssh:4.1
Openbsd Openssh 2.3 cpe:/a:openbsd:openssh:2.3
Openbsd Openssh 2.1 cpe:/a:openbsd:openssh:2.1
Openbsd Openssh 3.7.1p1 cpe:/a:openbsd:openssh:3.7.1p1
Openbsd Openssh 3.0.1p1 cpe:/a:openbsd:openssh:3.0.1p1
Openbsd Openssh 3.5p1 cpe:/a:openbsd:openssh:3.5p1
Openbsd Openssh 3.9.1 cpe:/a:openbsd:openssh:3.9.1
Openbsd Openssh 4.1p1 cpe:/a:openbsd:openssh:4.1p1
Openbsd Openssh 3.9.1p1 cpe:/a:openbsd:openssh:3.9.1p1
Openbsd Openssh 4.3p2 cpe:/a:openbsd:openssh:4.3p2
Openbsd Openssh 3.7.1p2 cpe:/a:openbsd:openssh:3.7.1p2
Openbsd Openssh 4.3p1 cpe:/a:openbsd:openssh:4.3p1
Openbsd Openssh 3.3p1 cpe:/a:openbsd:openssh:3.3p1
Openbsd Openssh 3.7.1 cpe:/a:openbsd:openssh:3.7.1
Openbsd Openssh 1.2.2 cpe:/a:openbsd:openssh:1.2.2
Openbsd Openssh 3.1p1 cpe:/a:openbsd:openssh:3.1p1
Openbsd Openssh 3.2.2p1 cpe:/a:openbsd:openssh:3.2.2p1
Openbsd Openssh 1.2.3 cpe:/a:openbsd:openssh:1.2.3
Openbsd Openssh 1.2.1 cpe:/a:openbsd:openssh:1.2.1
  1. Openbsd (1) Search CVE
    1. Openssh (67) Search CVE
      1. 1.5.8
      2. 3.5
      3. 3.6
      4. 1.5
      5. 1.2.27
      6. 3.3
      7. 3.4
      8. 3.9
      9. 3.7
      10. 3.8
      11. 2
      12. 1.3
      13. 3.1
      14. 3.2
      15. 3.6.1p1
      16. 2.1.1
      17. 1.2
      18. 3.0
      19. 2.3.1
      20. 3.0.2p1
      21. 2.5.1
      22. 2.9p2
      23. 3.8.1
      24. 2.9p1
      25. 2.5.2
      26. 3.4p1
      27. 3.0.1
      28. 3.2.2
      29. 2.9.9
      30. 3.6.1p2
      31. 4.2p1
      32. 4.4p1
      33. 3.6.1
      34. 3.0.2
      35. 2.9.9p2
      36. 3.0p1
      37. 1.5.7
      38. 3.2.3p1
      39. 4.0p1
      40. 3.8.1p1
      41. 4.4
      42. 4.2
      43. 2.5
      44. 4.3
      45. 4.6
      46. 2.9
      47. 4.0
      48. 2.2
      49. 4.1
      50. 2.3
      51. 2.1
      52. 3.7.1p1
      53. 3.0.1p1
      54. 3.5p1
      55. 3.9.1
      56. 4.1p1
      57. 3.9.1p1
      58. 4.3p2
      59. 3.7.1p2
      60. 4.3p1
      61. 3.3p1
      62. 3.7.1
      63. 1.2.2
      64. 3.1p1
      65. 3.2.2p1
      66. 1.2.3
      67. 1.2.1

CWE

ID Name Description Links
CWE-264 Permissions, Privileges, and Access Controls Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. CVE

History of changes

Date Event
2017-08-08 05:50
2008-09-18 15:04

New CVE