-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security/ http://www.openpkg.org [EMAIL PROTECTED] [EMAIL PROTECTED] OpenPKG-SA-2006.022 01-Oct-2006 ________________________________________________________________________ Package: openssh Vulnerability: denial of service OpenPKG Specific: no OpenPKG Series: Affected Packages: Corrected Packages: CURRENT <= openssh-4.3p2-20060924 >= openssh-4.4p1-20060928 2-STABLE <= openssh-4.3p2-2.20060622 >= openssh-4.4p1-2.20060929 2-STABLE-20060622 <= openssh-4.3p2-2.20060622 >= openssh-4.4p1-2.20060929 2.5-RELEASE <= openssh-4.2p1-2.5.3 >= openssh-4.2p1-2.5.4 Description: According to a vendor security advisory [0], multiple vulnerabilities exist in the Secure Shell (SSH) implementation OpenSSH [1]: First, a pre-authentication denial of service was found by Tavis Ormandy that would cause sshd(8) to spin until the login grace time expired. The Common Vulnerabilities and Exposures (CVE) project assigned the ids CVE-2006-4924 [2] and CVE-2006-4925 [3] to the problem. Second, an unsafe signal handler, reported by Mark Dowd, was fixed. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if some authentication methods like GSSAPI are enabled, but the likelihood of successful exploitation appears remote. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-5051 [4] to the problem. ________________________________________________________________________ References: [0] http://www.openssh.com/txt/release-4.4 [1] http://www.openssh.com/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4925 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051 ________________________________________________________________________ For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG <[EMAIL PROTECTED]>" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. ________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG <[EMAIL PROTECTED]> iD8DBQFFH3vSgHWT4GPEy58RAlDBAJ40g98LLlcoVTAdnczmE9BjorOUjQCfSD82 lZQ3bMOn8xTxAPyL2PrWK7w= =GNXY -----END PGP SIGNATURE-----
