Date:      Mon, 2 Oct 2006 21:11:06 +0200
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        Pekka Savola <pekkas@netcore.fi>
Cc:        freebsd-security@freebsd.org
Subject:   Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
Message-ID:  <20061002191105.GB1034@zaphod.nitro.dk>
In-Reply-To: <Pine.LNX.4.64.0610010004370.4488@netcore.fi>
References:  <200609302024.k8UKOjon073315@freefall.freebsd.org> <Pine.LNX.4.64.0610010004370.4488@netcore.fi>

On 2006.10.01 00:07:02 +0300, Pekka Savola wrote:
> On Sat, 30 Sep 2006, FreeBSD Security Advisories wrote:
> >III. Impact
> >
> >An attacker sending specially crafted packets to sshd(8) can cause a
> >Denial of Service by using 100% of CPU time until a connection timeout
> >occurs.  Since this attack can be performed over multiple connections
> >simultaneously, it is possible to cause up to MaxStartups (10 by default)
> >sshd processes to use all the CPU time they can obtain.  [CVE-2006-4924]
> >
> >The OpenSSH project believe that the race condition can lead to a Denial
> >of Service or potentially remote code execution, but the FreeBSD Security
> >Team has been unable to verify the exact impact.  [CVE-2006-5051]
> >
> >IV.  Workaround
> >
> >The attack against the CRC compensation attack detector can be avoided
> >by disabling SSH Protocol version 1 support in sshd_config(5).
> >
> >There is no workaround for the second issue.
> 
> Doesn't TCP wrappers restriction mitigate or work around this issue or
> is it done too late?

I'm not sure since I have never really used TCP wrappers, but I would
expect it to work.  I generally use firewalls to restrict which IP
addresses are allowed to access services when possible.

-- 
Simon L. Nielsen
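
Added example, not part of the original message or the advisory: a sh check for the workaround quoted above, reporting whether an sshd_config still permits SSH protocol 1. The function name ssh1_status and the sample files are constructed for illustration. It assumes sshd keeps the first value it reads for a repeated keyword, and it reports "unset" when no Protocol line is present so the build default can be checked separately.

```shell
#!/bin/sh
# Added example: report whether an sshd_config permits SSH protocol 1.
# Output is one of: v1-enabled, v1-disabled, unset.
ssh1_status() {
    # $1 = path to an sshd_config file
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # Keywords are case-insensitive; separator is whitespace or "=".
            if (tolower(line) !~ /^protocol[ \t=]/) next
            sub(/^[^ \t=]+[ \t=]+/, "", line) # drop the keyword
            gsub(/[ \t"]/, "", line)          # "2, 1" -> "2,1"
            n = split(line, v, ",")
            status = "v1-disabled"
            for (i = 1; i <= n; i++) if (v[i] == "1") status = "v1-enabled"
            print status                      # assumption: first value wins
            found = 1
            exit
        }
        END { if (!found) print "unset" }     # no directive: build default applies
    ' "$1"
}

# Constructed sample configurations, not taken from any real host.
tmp=$(mktemp -d)
printf '#Protocol 2\nPort 22\nprotocol 2,1\nProtocol 2\n' > "$tmp/both"
printf 'Port 22\nProtocol 2\n' > "$tmp/v2only"
printf '#Protocol 2,1\nPort 22\n' > "$tmp/unset"

for f in both v2only unset; do
    printf '%s: %s\n' "$f" "$(ssh1_status "$tmp/$f")"
done
rm -rf "$tmp"
```

On a live host, point the function at the configuration file sshd actually loads; a result of "unset" means the compiled-in default decides whether protocol 1 is offered.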


