| <?xml version="1.0" encoding="utf-8"?> |
| <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> |
| |
| <glsa id="200611-06"> |
| <title>OpenSSH: Multiple Denial of Service vulnerabilities</title> |
| <synopsis> |
| Several Denial of Service vulnerabilities have been identified in OpenSSH. |
| </synopsis> |
| <product type="ebuild">openssh</product> |
| <announced>November 13, 2006</announced> |
| <revised>November 13, 2006: 01</revised> |
| <bug>149502</bug> |
| <access>remote</access> |
| <affected> |
| <package name="net-misc/openssh" auto="yes" arch="*"> |
| <unaffected range="ge">4.4_p1-r5</unaffected> |
| <vulnerable range="lt">4.4_p1-r5</vulnerable> |
| </package> |
| </affected> |
| <background> |
| <p> |
| OpenSSH is a complete SSH protocol version 1.3, 1.5 and 2.0 |
| implementation and includes sftp client and server support. |
| </p> |
| </background> |
| <description> |
| <p> |
| Tavis Ormandy of the Google Security Team has discovered a |
| pre-authentication vulnerability, causing sshd to spin until the login |
| grace time has been expired. Mark Dowd found an unsafe signal handler |
| that was vulnerable to a race condition. It has also been discovered |
| that when GSSAPI authentication is enabled, GSSAPI will in certain |
| cases incorrectly abort. |
| </p> |
| </description> |
| <impact type="normal"> |
| <p> |
| The pre-authentication and signal handler vulnerabilities can cause a |
| Denial of Service in OpenSSH. The vulnerability in the GSSAPI |
| authentication abort could be used to determine the validity of |
| usernames on some platforms. |
| </p> |
| </impact> |
| <workaround> |
| <p> |
| There is no known workaround at this time. |
| </p> |
| </workaround> |
| <resolution> |
| <p> |
| All OpenSSH users should upgrade to the latest version: |
| </p> |
| <code> |
| # emerge --sync |
| # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.4_p1-r5"</code> |
| </resolution> |
| <references> |
| <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051">CVE-2006-5051</uri> |
| <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052">CVE-2006-5052</uri> |
| <uri link="http://www.openssh.com/txt/release-4.4">OpenSSH Security Advisory</uri> |
| </references> |
| <metadata tag="requester" timestamp="Mon, 06 Nov 2006 00:03:31 +0000"> |
| vorlon078 |
| </metadata> |
| <metadata tag="bugReady" timestamp="Mon, 06 Nov 2006 12:18:14 +0000"> |
| vorlon078 |
| </metadata> |
| <metadata tag="submitter" timestamp="Mon, 06 Nov 2006 19:31:09 +0000"> |
| daxomatic |
| </metadata> |
| </glsa> |