Miembros de
Boletines de Vulnerabilidades |
Denegación de servicio en OpenSSH |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Denegación de Servicio |
| Dificultad | Avanzado |
| Requerimientos del atacante | Acceso remoto con cuenta |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado | OpenSSH 3.6.1p2, 3.7.1p2 |
Descripción |
|
|
Se ha descubierto una vulnerabilidad en OpenSSH 3.6.1p2 y 3.7.1p2. La vulnerabilidad reside en sshd.c que no finaliza las conexiones una vez que el tiempo de sesión "LoginGraceTime" ha finalizado. Un atacante remoto podría causar una denegación de servicio mediante el agotamiento de conexiones. |
|
Solución |
|
|
Actualización de software Red Hat Red Hat Desktop (v. 3) / SRPMS openssh-3.6.1p2-33.30.6.src.rpm Red Hat Desktop (v. 3) / IA-32 openssh-3.6.1p2-33.30.6.i386.rpm openssh-askpass-3.6.1p2-33.30.6.i386.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm openssh-clients-3.6.1p2-33.30.6.i386.rpm openssh-server-3.6.1p2-33.30.6.i386.rpm Red Hat Desktop (v. 3) / x86_64 openssh-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm openssh-clients-3.6.1p2-33.30.6.x86_64.rpm openssh-server-3.6.1p2-33.30.6.x86_64.rpm Red Hat Enterprise Linux AS (v. 3) / SRPMS openssh-3.6.1p2-33.30.6.src.rpm Red Hat Enterprise Linux AS (v. 3) / IA-32 openssh-3.6.1p2-33.30.6.i386.rpm openssh-askpass-3.6.1p2-33.30.6.i386.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm openssh-clients-3.6.1p2-33.30.6.i386.rpm openssh-server-3.6.1p2-33.30.6.i386.rpm Red Hat Enterprise Linux AS (v. 3) / IA-64 openssh-3.6.1p2-33.30.6.ia64.rpm openssh-askpass-3.6.1p2-33.30.6.ia64.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm openssh-clients-3.6.1p2-33.30.6.ia64.rpm openssh-server-3.6.1p2-33.30.6.ia64.rpm Red Hat Enterprise Linux AS (v. 3) / PPC openssh-3.6.1p2-33.30.6.ppc.rpm openssh-askpass-3.6.1p2-33.30.6.ppc.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.ppc.rpm openssh-clients-3.6.1p2-33.30.6.ppc.rpm openssh-server-3.6.1p2-33.30.6.ppc.rpm Red Hat Enterprise Linux AS (v. 3) / s390 openssh-3.6.1p2-33.30.6.s390.rpm openssh-askpass-3.6.1p2-33.30.6.s390.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.s390.rpm openssh-clients-3.6.1p2-33.30.6.s390.rpm openssh-server-3.6.1p2-33.30.6.s390.rpm Red Hat Enterprise Linux AS (v. 3) / s390x openssh-3.6.1p2-33.30.6.s390x.rpm openssh-askpass-3.6.1p2-33.30.6.s390x.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.s390x.rpm openssh-clients-3.6.1p2-33.30.6.s390x.rpm openssh-server-3.6.1p2-33.30.6.s390x.rpm Red Hat Enterprise Linux AS (v. 3) / x86_64 openssh-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm openssh-clients-3.6.1p2-33.30.6.x86_64.rpm openssh-server-3.6.1p2-33.30.6.x86_64.rpm Red Hat Enterprise Linux ES (v. 3) / SRPMS openssh-3.6.1p2-33.30.6.src.rpm Red Hat Enterprise Linux ES (v. 3) / IA-32 openssh-3.6.1p2-33.30.6.i386.rpm openssh-askpass-3.6.1p2-33.30.6.i386.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm openssh-clients-3.6.1p2-33.30.6.i386.rpm openssh-server-3.6.1p2-33.30.6.i386.rpm Red Hat Enterprise Linux ES (v. 3) / IA-64 openssh-3.6.1p2-33.30.6.ia64.rpm openssh-askpass-3.6.1p2-33.30.6.ia64.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm openssh-clients-3.6.1p2-33.30.6.ia64.rpm openssh-server-3.6.1p2-33.30.6.ia64.rpm Red Hat Enterprise Linux ES (v. 3) / x86_64 openssh-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm openssh-clients-3.6.1p2-33.30.6.x86_64.rpm openssh-server-3.6.1p2-33.30.6.x86_64.rpm Red Hat Enterprise Linux WS (v. 3) / SRPMS openssh-3.6.1p2-33.30.6.src.rpm Red Hat Enterprise Linux WS (v. 3) / IA-32 openssh-3.6.1p2-33.30.6.i386.rpm openssh-askpass-3.6.1p2-33.30.6.i386.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.i386.rpm openssh-clients-3.6.1p2-33.30.6.i386.rpm openssh-server-3.6.1p2-33.30.6.i386.rpm Red Hat Enterprise Linux WS (v. 3) / IA-64 openssh-3.6.1p2-33.30.6.ia64.rpm openssh-askpass-3.6.1p2-33.30.6.ia64.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.ia64.rpm openssh-clients-3.6.1p2-33.30.6.ia64.rpm openssh-server-3.6.1p2-33.30.6.ia64.rpm Red Hat Enterprise Linux WS (v. 3) / x86_64 openssh-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-3.6.1p2-33.30.6.x86_64.rpm openssh-askpass-gnome-3.6.1p2-33.30.6.x86_64.rpm openssh-clients-3.6.1p2-33.30.6.x86_64.rpm openssh-server-3.6.1p2-33.30.6.x86_64.rpm SGI Advanced Linux Environment 3 / RPM / Patch 10227 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS Advanced Linux Environment 3 / SRPM / Patch 10227 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CAN-2004-2069 |
| BID | |
Recursos adicionales |
|
|
Red Hat Security Advisory (RHSA-2005:550-6) https://rhn.redhat.com/errata/RHSA-2005-550.html SGI Security Advisory (20051002-01-U) ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2005-10-04 |
| 1.1 | Aviso emitido por SGI (20051002-01-U) | 2005-10-21 |