Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2008-4109
Last Modified: 12 Feb 2009 01:51:02
Published: 18 Sep 2008 11:04:27
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-4109

Summary

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.

Vulnerable Systems

Application

  • Openbsd Openssh 1.2

  • Openbsd Openssh 1.2.1

  • Openbsd Openssh 1.2.2

  • Openbsd Openssh 1.2.27

  • Openbsd Openssh 1.2.3

  • Openbsd Openssh 1.3

  • Openbsd Openssh 1.5

  • Openbsd Openssh 1.5.7

  • Openbsd Openssh 1.5.8

  • Openbsd Openssh 2

  • Openbsd Openssh 2.1

  • Openbsd Openssh 2.1.1

  • Openbsd Openssh 2.2

  • Openbsd Openssh 2.3

  • Openbsd Openssh 2.3.1

  • Openbsd Openssh 2.5

  • Openbsd Openssh 2.5.1

  • Openbsd Openssh 2.5.2

  • Openbsd Openssh 2.9

  • Openbsd Openssh 2.9.9

  • Openbsd Openssh 2.9.9p2

  • Openbsd Openssh 2.9p1

  • Openbsd Openssh 2.9p2

  • Openbsd Openssh 3.0

  • Openbsd Openssh 3.0.1

  • Openbsd Openssh 3.0.1p1

  • Openbsd Openssh 3.0.2

  • Openbsd Openssh 3.0.2p1

  • Openbsd Openssh 3.0p1

  • Openbsd Openssh 3.1

  • Openbsd Openssh 3.1p1

  • Openbsd Openssh 3.2

  • Openbsd Openssh 3.2.2

  • Openbsd Openssh 3.2.2p1

  • Openbsd Openssh 3.2.3p1

  • Openbsd Openssh 3.3

  • Openbsd Openssh 3.3p1

  • Openbsd Openssh 3.4

  • Openbsd Openssh 3.4p1

  • Openbsd Openssh 3.5

  • Openbsd Openssh 3.5p1

  • Openbsd Openssh 3.6

  • Openbsd Openssh 3.6.1

  • Openbsd Openssh 3.6.1p1

  • Openbsd Openssh 3.6.1p2

  • Openbsd Openssh 3.7

  • Openbsd Openssh 3.7.1

  • Openbsd Openssh 3.7.1p1

  • Openbsd Openssh 3.7.1p2

  • Openbsd Openssh 3.8

  • Openbsd Openssh 3.8.1

  • Openbsd Openssh 3.8.1p1

  • Openbsd Openssh 3.9

  • Openbsd Openssh 3.9.1

  • Openbsd Openssh 3.9.1p1

  • Openbsd Openssh 4.0

  • Openbsd Openssh 4.0p1

  • Openbsd Openssh 4.1

  • Openbsd Openssh 4.1p1

  • Openbsd Openssh 4.2

  • Openbsd Openssh 4.2p1

  • Openbsd Openssh 4.3

  • Openbsd Openssh 4.3p1

  • Openbsd Openssh 4.3p2

  • Openbsd Openssh 4.4

  • Openbsd Openssh 4.4p1

  • Openbsd Openssh 4.6


References

DEBIAN - DSA-1638

XF - openssh-signalhandler-dos(45202)

UBUNTU - USN-649-1

SECTRACK - 1020891

SECUNIA - 32181

SECUNIA - 32080

SECUNIA - 31885

SUSE - SUSE-SR:2008:020

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678

Related Patches

Novell SUSE 2008:5627 openssh security update for SLE 10 i586


Last Updated: 27 May 2016 10:48:23