Vulnerability Bulletins

int(1852)

Vulnerability Bulletins

Denegación de servicio en OpenSSH
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Denegación de Servicio
Dificulty	Avanzado
Required attacker level	Acceso remoto con cuenta
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	OpenSSH 3.6.1p2, 3.7.1p2
Description
Se ha descubierto una vulnerabilidad en OpenSSH 3.6.1p2 y 3.7.1p2. La vulnerabilidad reside en sshd.c que no finaliza las conexiones una vez que el tiempo de sesión "LoginGraceTime" ha finalizado. Un atacante remoto podría causar una denegación de servicio mediante el agotamiento de conexiones.
Solution
Actualización de software Red Hat Red Hat Desktop (v. 3) / SRPMS openssh-3.6.1p2-33.30.6.src.rpm Red Hat Desktop (v. 3) / IA-32 openssh-3.6.1p2-33.30.6.i386.rpm openssh-askpass-3.6.1p2-33.30.6.i386.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm openssh-clients-3.6.1p2-33.30.6.i386.rpm openssh-server-3.6.1p2-33.30.6.i386.rpm Red Hat Desktop (v. 3) / x86_64 openssh-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm openssh-clients-3.6.1p2-33.30.6.x86_64.rpm openssh-server-3.6.1p2-33.30.6.x86_64.rpm Red Hat Enterprise Linux AS (v. 3) / SRPMS openssh-3.6.1p2-33.30.6.src.rpm Red Hat Enterprise Linux AS (v. 3) / IA-32 openssh-3.6.1p2-33.30.6.i386.rpm openssh-askpass-3.6.1p2-33.30.6.i386.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm openssh-clients-3.6.1p2-33.30.6.i386.rpm openssh-server-3.6.1p2-33.30.6.i386.rpm Red Hat Enterprise Linux AS (v. 3) / IA-64 openssh-3.6.1p2-33.30.6.ia64.rpm openssh-askpass-3.6.1p2-33.30.6.ia64.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm openssh-clients-3.6.1p2-33.30.6.ia64.rpm openssh-server-3.6.1p2-33.30.6.ia64.rpm Red Hat Enterprise Linux AS (v. 3) / PPC openssh-3.6.1p2-33.30.6.ppc.rpm openssh-askpass-3.6.1p2-33.30.6.ppc.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.ppc.rpm openssh-clients-3.6.1p2-33.30.6.ppc.rpm openssh-server-3.6.1p2-33.30.6.ppc.rpm Red Hat Enterprise Linux AS (v. 3) / s390 openssh-3.6.1p2-33.30.6.s390.rpm openssh-askpass-3.6.1p2-33.30.6.s390.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.s390.rpm openssh-clients-3.6.1p2-33.30.6.s390.rpm openssh-server-3.6.1p2-33.30.6.s390.rpm Red Hat Enterprise Linux AS (v. 3) / s390x openssh-3.6.1p2-33.30.6.s390x.rpm openssh-askpass-3.6.1p2-33.30.6.s390x.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.s390x.rpm openssh-clients-3.6.1p2-33.30.6.s390x.rpm openssh-server-3.6.1p2-33.30.6.s390x.rpm Red Hat Enterprise Linux AS (v. 3) / x86_64 openssh-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm openssh-clients-3.6.1p2-33.30.6.x86_64.rpm openssh-server-3.6.1p2-33.30.6.x86_64.rpm Red Hat Enterprise Linux ES (v. 3) / SRPMS openssh-3.6.1p2-33.30.6.src.rpm Red Hat Enterprise Linux ES (v. 3) / IA-32 openssh-3.6.1p2-33.30.6.i386.rpm openssh-askpass-3.6.1p2-33.30.6.i386.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm openssh-clients-3.6.1p2-33.30.6.i386.rpm openssh-server-3.6.1p2-33.30.6.i386.rpm Red Hat Enterprise Linux ES (v. 3) / IA-64 openssh-3.6.1p2-33.30.6.ia64.rpm openssh-askpass-3.6.1p2-33.30.6.ia64.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm openssh-clients-3.6.1p2-33.30.6.ia64.rpm openssh-server-3.6.1p2-33.30.6.ia64.rpm Red Hat Enterprise Linux ES (v. 3) / x86_64 openssh-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm openssh-clients-3.6.1p2-33.30.6.x86_64.rpm openssh-server-3.6.1p2-33.30.6.x86_64.rpm Red Hat Enterprise Linux WS (v. 3) / SRPMS openssh-3.6.1p2-33.30.6.src.rpm Red Hat Enterprise Linux WS (v. 3) / IA-32 openssh-3.6.1p2-33.30.6.i386.rpm openssh-askpass-3.6.1p2-33.30.6.i386.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm openssh-clients-3.6.1p2-33.30.6.i386.rpm openssh-server-3.6.1p2-33.30.6.i386.rpm Red Hat Enterprise Linux WS (v. 3) / IA-64 openssh-3.6.1p2-33.30.6.ia64.rpm openssh-askpass-3.6.1p2-33.30.6.ia64.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm openssh-clients-3.6.1p2-33.30.6.ia64.rpm openssh-server-3.6.1p2-33.30.6.ia64.rpm Red Hat Enterprise Linux WS (v. 3) / x86_64 openssh-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm openssh-clients-3.6.1p2-33.30.6.x86_64.rpm openssh-server-3.6.1p2-33.30.6.x86_64.rpm SGI Advanced Linux Environment 3 / RPM / Patch 10227 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS Advanced Linux Environment 3 / SRPM / Patch 10227 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS
Standar resources
Property	Value
CVE	CAN-2004-2069
BID
Other resources
Red Hat Security Advisory (RHSA-2005:550-6) https://rhn.redhat.com/errata/RHSA-2005-550.html SGI Security Advisory (20051002-01-U) ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc

Version history
Version	Comments	Date
1.0	Aviso emitido	2005-10-04
1.1	Aviso emitido por SGI (20051002-01-U)	2005-10-21

Vulnerability Bulletins

Denegación de servicio en OpenSSH

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history