CVE-2006-0353

Published: 22/01/2006 Updated: 20/07/2017
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.
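A descriptor that a server holds open reaches the processes it starts unless it is marked close-on-exec. The C sketch below is an added example, not lsh code and not the fix lsh shipped. It shows how to detect an inheritable descriptor and seal every descriptor above stderr before spawning a user process; the function names are hypothetical and `/dev/null` stands in for the seed file.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 1 if fd is open and would survive exec() (FD_CLOEXEC clear),
   0 if it is closed or already marked close-on-exec. */
int is_inheritable(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return 0;                       /* not an open descriptor */
    return (flags & FD_CLOEXEC) == 0;
}

/* Marks fd close-on-exec, keeping its other descriptor flags.
   Returns 0 on success, -1 on error. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1 ? -1 : 0;
}

/* Pre-exec sweep: seals every inheritable descriptor in [3, max_fd)
   and returns how many it had to fix. */
int seal_descriptors(int max_fd)
{
    int fixed = 0;
    for (int fd = 3; fd < max_fd; fd++)
        if (is_inheritable(fd) && set_cloexec(fd) == 0)
            fixed++;
    return fixed;
}

int main(void)
{
    /* Constructed sample: /dev/null plays the role of the seed file. */
    int seed_fd = open("/dev/null", O_RDWR);
    if (seed_fd == -1) { perror("open"); return 1; }

    printf("fd %d inheritable before sweep: %d\n", seed_fd, is_inheritable(seed_fd));
    printf("descriptors sealed: %d\n", seal_descriptors(256));
    printf("fd %d inheritable after sweep: %d\n", seed_fd, is_inheritable(seed_fd));
    close(seed_fd);
    return 0;
}
```

Passing `O_CLOEXEC` to `open()` sets the flag atomically at creation and removes the window between opening the file and calling `fcntl()`.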

Vulnerable Product

gnu lsh 2.0.1

Vendor Advisories

Debian Bug report logs - #349303 lsh-server: lshd leaks fd:s to user shells Package: lsh-server; Maintainer for lsh-server is Magnus Holmgren <holmgren@debianorg>; Source for lsh-server is src:lsh-utils (PTS, buildd, popcon) Reported by: Stefan Pfetzing <dreamind@dreamindde> Date: Sun, 22 Jan 2006 05:18:04 UTC Sev ...
Stefan Pfetzing discovered that lshd, a Secure Shell v2 (SSH2) protocol server, leaks a couple of file descriptors, related to the randomness generator, to user shells which are started by lshd. A local attacker can truncate the server's seed file, which may prevent the server from starting, and with some more effort, maybe also crack session keys ...