ID CVE-2006-4924
Summary sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
References
Vulnerable Configurations
  • cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 17-10-2018 - 21:40)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
oval via4
  • accepted 2013-04-29T04:05:52.949-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
    family unix
    id oval:org.mitre.oval:def:10462
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
    version 29
  • accepted 2007-08-02T14:47:15.104-04:00
    class vulnerability
    contributors
    name Yuzheng Zhou
    organization Opsware, Inc.
    definition_extensions
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
    family unix
    id oval:org.mitre.oval:def:1193
    status accepted
    submitted 2007-07-03T09:00:00.000-04:00
    title Security Vulnerability in the sshd(1M) Protocol Version 1 Implementation May Allow a Denial of Service to the Host
    version 35
redhat via4
advisories
  • rhsa
    id RHSA-2006:0697
  • rhsa
    id RHSA-2006:0698
rpms
  • openssh-0:3.6.1p2-33.30.12
  • openssh-0:3.9p1-8.RHEL4.17
  • openssh-askpass-0:3.6.1p2-33.30.12
  • openssh-askpass-0:3.9p1-8.RHEL4.17
  • openssh-askpass-gnome-0:3.6.1p2-33.30.12
  • openssh-askpass-gnome-0:3.9p1-8.RHEL4.17
  • openssh-clients-0:3.6.1p2-33.30.12
  • openssh-clients-0:3.9p1-8.RHEL4.17
  • openssh-debuginfo-0:3.6.1p2-33.30.12
  • openssh-debuginfo-0:3.9p1-8.RHEL4.17
  • openssh-server-0:3.6.1p2-33.30.12
  • openssh-server-0:3.9p1-8.RHEL4.17
  • openssh-0:3.1p1-21
  • openssh-askpass-0:3.1p1-21
  • openssh-askpass-gnome-0:3.1p1-21
  • openssh-clients-0:3.1p1-21
  • openssh-server-0:3.1p1-21
refmap via4
apple APPLE-SA-2007-03-13
bid 20216
bugtraq 20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server
cert TA07-072A
cert-vn VU#787448
confirm
debian
  • DSA-1189
  • DSA-1212
freebsd
  • FreeBSD-SA-06:22
  • FreeBSD-SA-06:22.openssh
gentoo
  • GLSA-200609-17
  • GLSA-200611-06
hp
  • HPSBUX02178
  • SSRT061267
mandriva MDKSA-2006:179
misc https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955
mlist
  • [openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released
  • [security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability
openbsd [2.9] 015: SECURITY FIX: October 12, 2006
openpkg OpenPKG-SA-2006.022
osvdb 29152
sco SCOSA-2008.2
sectrack 1016931
secunia
  • 21923
  • 22091
  • 22116
  • 22158
  • 22164
  • 22183
  • 22196
  • 22208
  • 22236
  • 22245
  • 22270
  • 22298
  • 22352
  • 22362
  • 22487
  • 22495
  • 22823
  • 22926
  • 23038
  • 23241
  • 23340
  • 23680
  • 24479
  • 24799
  • 24805
  • 25608
  • 29371
  • 34274
sgi 20061001-01-P
slackware SSA:2006-272-02
sunalert 102962
suse
  • SUSE-SA:2006:062
  • SUSE-SR:2006:024
trustix 2006-0054
ubuntu USN-355-1
vupen
  • ADV-2006-3777
  • ADV-2006-4401
  • ADV-2006-4869
  • ADV-2007-0930
  • ADV-2007-1332
  • ADV-2007-2119
  • ADV-2009-0740
xf openssh-block-dos(29158)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 17-10-2018 - 21:40
Published 27-09-2006 - 01:07
Last modified 17-10-2018 - 21:40
Back to Top