CVE-2006-4924
HIGH severity · CVSS 7.8 · CWE-399
Summary
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: —
User interaction: —
Confidentiality impact: None
Integrity impact: None
Availability impact: —
Exploit probability (EPSS): 34%
CVSS vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc
- ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt
- ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
- http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability
- http://bugs.gentoo.org/show_bug.cgi?id=148228
- http://docs.info.apple.com/article.html?artnum=305214
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html