Technical Description

Multiple vulnerabilities have been identified in OpenSSH, which could be exploited by remote attackers to cause a denial of service, disclose sensitive information, or potentially execute arbitrary commands.

The first flaw is due to an error in the CRC compensation attack detection algorithm when processing packets with multiple identical blocks, which could be exploited by attackers to exhaust all available resources via a specially crafted SSH packet, creating a denial of service condition [...]

Affected Products

OpenSSH version 4.3 and prior

Credits

Vulnerabilities reported by Tavis Ormandy (Google Security Team) and Mark Dowd.

ChangeLog

2006-09-26 : Initial release
2006-09-27 : Updated Advisory

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.