Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2004-2069
Last Modified 07 Mar 2011 09:18:19
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2069

Summary

sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).

Vulnerable Systems

Application

  • OpenBSD OpenSSH 3.6.1p2

  • OpenBSD OpenSSH 3.7.1p2


References

MLIST - [openssh-unix-dev] 20040128 Re: OpenSSH - Connection problem when LoginGraceTime exceeds time

XF - openssh-sshdc-logingracetime-dos(20930)

VUPEN - ADV-2006-4502

BID - 14963

FEDORA - FLSA-2006:168935

OSVDB - 16567

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf

SECUNIA - 17252

SECUNIA - 17135

REDHAT - RHSA-2005:550

MLIST - [openssh-unix-dev] 20040127 OpenSSH - Connection problem when LoginGraceTime exceeds time

CONFIRM - http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

CONFIRM - http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

CONFIRM - http://www.vmware.com/download/esx/esx-213-200610-patch.html

CONFIRM - http://www.vmware.com/download/esx/esx-202-200610-patch.html

BUGTRAQ - 20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2

BUGTRAQ - 20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2

BUGTRAQ - 20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4

SECUNIA - 23680

SECUNIA - 22875

SECUNIA - 17000


Last Updated: 27 May 2016 10:39:20