CVE - CVE-2006-4924

CVE-ID
CVE-2006-4924	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2007-03-13 URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html BID:20216 URL:http://www.securityfocus.com/bid/20216 BUGTRAQ:20060927 rPSA-2006-0174-1 gnome-ssh-askpass openssh openssh-client openssh-server URL:http://www.securityfocus.com/archive/1/447153/100/0/threaded CERT:TA07-072A URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html CERT-VN:VU#787448 URL:http://www.kb.cert.org/vuls/id/787448 CONFIRM:~~http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability~~ (Obsolete source) CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=148228 CONFIRM:http://docs.info.apple.com/article.html?artnum=305214 CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=681763 CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm CONFIRM:http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html CONFIRM:http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html CONFIRM:https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg CONFIRM:https://issues.rpath.com/browse/RPL-661 DEBIAN:DSA-1189 URL:http://www.debian.org/security/2006/dsa-1189 DEBIAN:DSA-1212 URL:http://www.debian.org/security/2006/dsa-1212 FREEBSD:FreeBSD-SA-06:22 URL:http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc FREEBSD:FreeBSD-SA-06:22.openssh URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc GENTOO:GLSA-200609-17 URL:http://security.gentoo.org/glsa/glsa-200609-17.xml GENTOO:GLSA-200611-06 URL:http://security.gentoo.org/glsa/glsa-200611-06.xml HP:HPSBUX02178 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112 HP:SSRT061267 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112 MANDRIVA:MDKSA-2006:179 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:179~~ (Obsolete source) MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955 MLIST:[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released URL:http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 MLIST:[security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability URL:http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html OPENBSD:[2.9] 015: SECURITY FIX: October 12, 2006 URL:http://www.openbsd.org/errata.html#ssh OPENPKG:OpenPKG-SA-2006.022 URL:http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html OSVDB:29152 URL:~~http://www.osvdb.org/29152~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:10462 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462 OVAL:oval:org.mitre.oval:def:1193 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193 REDHAT:RHSA-2006:0697 URL:http://www.redhat.com/support/errata/RHSA-2006-0697.html REDHAT:RHSA-2006:0698 URL:http://www.redhat.com/support/errata/RHSA-2006-0698.html SCO:SCOSA-2008.2 URL:ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt SECTRACK:1016931 URL:http://securitytracker.com/id?1016931 SECUNIA:21923 URL:http://secunia.com/advisories/21923 SECUNIA:22091 URL:http://secunia.com/advisories/22091 SECUNIA:22116 URL:http://secunia.com/advisories/22116 SECUNIA:22158 URL:http://secunia.com/advisories/22158 SECUNIA:22164 URL:http://secunia.com/advisories/22164 SECUNIA:22183 URL:http://secunia.com/advisories/22183 SECUNIA:22196 URL:http://secunia.com/advisories/22196 SECUNIA:22208 URL:http://secunia.com/advisories/22208 SECUNIA:22236 URL:http://secunia.com/advisories/22236 SECUNIA:22245 URL:http://secunia.com/advisories/22245 SECUNIA:22270 URL:http://secunia.com/advisories/22270 SECUNIA:22298 URL:http://secunia.com/advisories/22298 SECUNIA:22352 URL:http://secunia.com/advisories/22352 SECUNIA:22362 URL:http://secunia.com/advisories/22362 SECUNIA:22487 URL:http://secunia.com/advisories/22487 SECUNIA:22495 URL:http://secunia.com/advisories/22495 SECUNIA:22823 URL:http://secunia.com/advisories/22823 SECUNIA:22926 URL:http://secunia.com/advisories/22926 SECUNIA:23038 URL:http://secunia.com/advisories/23038 SECUNIA:23241 URL:http://secunia.com/advisories/23241 SECUNIA:23340 URL:http://secunia.com/advisories/23340 SECUNIA:23680 URL:http://secunia.com/advisories/23680 SECUNIA:24479 URL:http://secunia.com/advisories/24479 SECUNIA:24799 URL:http://secunia.com/advisories/24799 SECUNIA:24805 URL:http://secunia.com/advisories/24805 SECUNIA:25608 URL:http://secunia.com/advisories/25608 SECUNIA:29371 URL:http://secunia.com/advisories/29371 SECUNIA:34274 URL:http://secunia.com/advisories/34274 SGI:20061001-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc SLACKWARE:SSA:2006-272-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566 SUNALERT:102962 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1~~ (Obsolete source) SUSE:SUSE-SA:2006:062 URL:http://www.novell.com/linux/security/advisories/2006_62_openssh.html SUSE:SUSE-SR:2006:024 URL:http://www.novell.com/linux/security/advisories/2006_24_sr.html TRUSTIX:2006-0054 URL:~~http://www.trustix.org/errata/2006/0054~~ (Obsolete source - check if archived by the Wayback Machine) UBUNTU:USN-355-1 URL:http://www.ubuntu.com/usn/usn-355-1 VUPEN:ADV-2006-3777 URL:~~http://www.vupen.com/english/advisories/2006/3777~~ (Obsolete source) VUPEN:ADV-2006-4401 URL:~~http://www.vupen.com/english/advisories/2006/4401~~ (Obsolete source) VUPEN:ADV-2006-4869 URL:~~http://www.vupen.com/english/advisories/2006/4869~~ (Obsolete source) VUPEN:ADV-2007-0930 URL:~~http://www.vupen.com/english/advisories/2007/0930~~ (Obsolete source) VUPEN:ADV-2007-1332 URL:~~http://www.vupen.com/english/advisories/2007/1332~~ (Obsolete source) VUPEN:ADV-2007-2119 URL:~~http://www.vupen.com/english/advisories/2007/2119~~ (Obsolete source) VUPEN:ADV-2009-0740 URL:~~http://www.vupen.com/english/advisories/2009/0740~~ (Obsolete source) XF:openssh-block-dos(29158) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/29158
Assigning CNA
Red Hat, Inc.
Date Record Created
20060921	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060921)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)