[FreeBSD-Announce] FreeBSD Security Advisory
FreeBSD-SA-06:22.openssh
Simon L. Nielsen
simon at FreeBSD.org
Mon Oct 2 12:11:12 PDT 2006
On 2006.10.01 00:07:02 +0300, Pekka Savola wrote:
> On Sat, 30 Sep 2006, FreeBSD Security Advisories wrote:
> >III. Impact
> >
> >An attacker sending specially crafted packets to sshd(8) can cause a
> >Denial of Service by using 100% of CPU time until a connection timeout
> >occurs. Since this attack can be performed over multiple connections
> >simultaneously, it is possible to cause up to MaxStartups (10 by default)
> >sshd processes to use all the CPU time they can obtain. [CVE-2006-4924]
> >
> >The OpenSSH project believe that the race condition can lead to a Denial
> >of Service or potentially remote code execution, but the FreeBSD Security
> >Team has been unable to verify the exact impact. [CVE-2006-5051]
> >
> >IV. Workaround
> >
> >The attack against the CRC compensation attack detector can be avoided
> >by disabling SSH Protocol version 1 support in sshd_config(5).
> >
> >There is no workaround for the second issue.
>
> Doesn't TCP wrappers restriction mitigate or work around this issue or
> is it done too late ?
I'm not sure since I have never really used TCP wrappers, but I would
expect it to work. I generally use firewalls to restrict which IP
addresses are allowed to access services when possible.
--
Simon L. Nielsen
More information about the freebsd-security
mailing list