CVE-2006-4924: DoS vulnerability in openssh server

Debian Bug report logs - #389995
CVE-2006-4924: DoS vulnerability in openssh server

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Stefan Fritsch <sf@sfritsch.de>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2006-4924: DoS vulnerability in openssh server

Date: Thu, 28 Sep 2006 21:08:04 +0200

Package: openssh
Version: 1:4.3p2-3
Severity: important
Tags: security patch



A denial of service (cpu consumption) vulnerability has been found in openssh if
protocol 1 is enabled.

See 
http://secunia.com/advisories/22091/
for details and patches.

AFAICS protocol 1 is disabled by default, therefore severity important.
If I am mistaken (sarge?), please adjust to grave.

Message #12 received at 389995-close@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>

To: 389995-close@bugs.debian.org

Subject: Bug#389995: fixed in openssh 1:4.3p2-4

Date: Fri, 29 Sep 2006 09:17:05 -0700

Source: openssh
Source-Version: 1:4.3p2-4

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_4.3p2-4_powerpc.udeb
  to pool/main/o/openssh/openssh-client-udeb_4.3p2-4_powerpc.udeb
openssh-client_4.3p2-4_powerpc.deb
  to pool/main/o/openssh/openssh-client_4.3p2-4_powerpc.deb
openssh-server-udeb_4.3p2-4_powerpc.udeb
  to pool/main/o/openssh/openssh-server-udeb_4.3p2-4_powerpc.udeb
openssh-server_4.3p2-4_powerpc.deb
  to pool/main/o/openssh/openssh-server_4.3p2-4_powerpc.deb
openssh_4.3p2-4.diff.gz
  to pool/main/o/openssh/openssh_4.3p2-4.diff.gz
openssh_4.3p2-4.dsc
  to pool/main/o/openssh/openssh_4.3p2-4.dsc
ssh-askpass-gnome_4.3p2-4_powerpc.deb
  to pool/main/o/openssh/ssh-askpass-gnome_4.3p2-4_powerpc.deb
ssh_4.3p2-4_all.deb
  to pool/main/o/openssh/ssh_4.3p2-4_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 389995@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 29 Sep 2006 16:28:24 +0100
Source: openssh
Binary: ssh-askpass-gnome openssh-client-udeb ssh openssh-server openssh-client openssh-server-udeb
Architecture: source powerpc all
Version: 1:4.3p2-4
Distribution: unstable
Urgency: high
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - Secure shell client, an rlogin/rsh/rcp replacement
 openssh-client-udeb - Secure shell client for the Debian installer (udeb)
 openssh-server - Secure shell server, an rshd replacement
 openssh-server-udeb - Secure shell server for the Debian installer (udeb)
 ssh        - Secure shell client and server (transitional package)
 ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 369395 381942 382966 388946 389995
Changes: 
 openssh (1:4.3p2-4) unstable; urgency=high
 .
   * Backport from 4.4p1 (since I don't have an updated version of the GSSAPI
     patch yet):
     - CVE-2006-4924: Fix a pre-authentication denial of service found by
       Tavis Ormandy, that would cause sshd(8) to spin until the login grace
       time expired (closes: #389995).
     - CVE-2006-5051: Fix an unsafe signal hander reported by Mark Dowd. The
       signal handler was vulnerable to a race condition that could be
       exploited to perform a pre-authentication denial of service. On
       portable OpenSSH, this vulnerability could theoretically lead to
       pre-authentication remote code execution if GSSAPI authentication is
       enabled, but the likelihood of successful exploitation appears remote.
 .
   * Read /etc/default/locale as well as /etc/environment (thanks, Raphaël
     Hertzog; closes: #369395).
   * Remove no-longer-used ssh/insecure_rshd debconf template.
   * Make ssh/insecure_telnetd Type: error (closes: #388946).
 .
   * debconf template translations:
     - Update Portuguese (thanks, Rui Branco; closes: #381942).
     - Update Spanish (thanks, Javier Fernández-Sanguino Peña;
       closes: #382966).
Files: 
 d0f547d4d7d7b457789fad36b675b728 990 net standard openssh_4.3p2-4.dsc
 fbf5d5159fe9aea1c08a4d121ecf12a6 168035 net standard openssh_4.3p2-4.diff.gz
 21496ed39c6d844b971b638e00da1d76 1052 net extra ssh_4.3p2-4_all.deb
 e930263cccb7ac6aec9f49254d7bbd2c 642622 net standard openssh-client_4.3p2-4_powerpc.deb
 f0aa1192a564b3316666be7c8e8158ef 232998 net optional openssh-server_4.3p2-4_powerpc.deb
 c78d0b0207790905f76880f0e94cdb63 99368 gnome optional ssh-askpass-gnome_4.3p2-4_powerpc.deb
 3f6aef414856d86e8a6ce01e19c07b14 166746 debian-installer optional openssh-client-udeb_4.3p2-4_powerpc.udeb
 1193ce5b48f8a36c18a134b5e786de07 169774 debian-installer optional openssh-server-udeb_4.3p2-4_powerpc.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFHUCf9t0zAhD6TNERAmLuAJ94JQOge6mYynW3SEdWBJBDDPBYwQCfbU/s
QsCdkLgbSjJudZR5a4LCpL0=
=CwZU
-----END PGP SIGNATURE-----

Message #17 received at 389995@bugs.debian.org (full text, mbox, reply):

From: gboyce <gboyce@badbelly.com>

To: 389995@bugs.debian.org

Subject: CVE-2006-4924: DoS vulnerability in openssh server

Date: Mon, 23 Oct 2006 14:11:43 -0400 (EDT)

Is there a plan to release an update for this vulnerability in Sarge?  I 
see an updated openssh-krb5 package for Sarge but no update for the 
non-krb5 ssh daemon.

Send a report that this bug log contains spam.