Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2010-5107
Last Modified: 14 Apr 2015 09:59:16
Published: 07 Mar 2013 03:55:01
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2010-5107

Summary

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.

Vulnerable Systems

Application

  • Openbsd Openssh 1.2

  • Openbsd Openssh 1.2.1

  • Openbsd Openssh 1.2.2

  • Openbsd Openssh 1.2.27

  • Openbsd Openssh 1.2.3

  • Openbsd Openssh 1.3

  • Openbsd Openssh 1.5

  • Openbsd Openssh 1.5.7

  • Openbsd Openssh 1.5.8

  • Openbsd Openssh 2.1

  • Openbsd Openssh 2.1.1

  • Openbsd Openssh 2.2

  • Openbsd Openssh 2.3

  • Openbsd Openssh 2.3.1

  • Openbsd Openssh 2.5

  • Openbsd Openssh 2.5.1

  • Openbsd Openssh 2.5.2

  • Openbsd Openssh 2.9

  • Openbsd Openssh 2.9.9

  • Openbsd Openssh 2.9.9p2

  • Openbsd Openssh 2.9p1

  • Openbsd Openssh 2.9p2

  • Openbsd Openssh 3.0

  • Openbsd Openssh 3.0.1

  • Openbsd Openssh 3.0.1p1

  • Openbsd Openssh 3.0.2

  • Openbsd Openssh 3.0.2p1

  • Openbsd Openssh 3.0p1

  • Openbsd Openssh 3.1

  • Openbsd Openssh 3.1p1

  • Openbsd Openssh 3.2

  • Openbsd Openssh 3.2.2

  • Openbsd Openssh 3.2.2p1

  • Openbsd Openssh 3.2.3p1

  • Openbsd Openssh 3.3

  • Openbsd Openssh 3.3p1

  • Openbsd Openssh 3.4

  • Openbsd Openssh 3.4p1

  • Openbsd Openssh 3.5

  • Openbsd Openssh 3.5p1

  • Openbsd Openssh 3.6

  • Openbsd Openssh 3.6.1

  • Openbsd Openssh 3.6.1p1

  • Openbsd Openssh 3.6.1p2

  • Openbsd Openssh 3.7

  • Openbsd Openssh 3.7.1

  • Openbsd Openssh 3.7.1p1

  • Openbsd Openssh 3.7.1p2

  • Openbsd Openssh 3.8

  • Openbsd Openssh 3.8.1

  • Openbsd Openssh 3.8.1p1

  • Openbsd Openssh 3.9

  • Openbsd Openssh 3.9.1

  • Openbsd Openssh 3.9.1p1

  • Openbsd Openssh 4.0

  • Openbsd Openssh 4.0p1

  • Openbsd Openssh 4.1

  • Openbsd Openssh 4.1p1

  • Openbsd Openssh 4.2

  • Openbsd Openssh 4.2p1

  • Openbsd Openssh 4.3

  • Openbsd Openssh 4.3p1

  • Openbsd Openssh 4.3p2

  • Openbsd Openssh 4.4

  • Openbsd Openssh 4.4p1

  • Openbsd Openssh 4.5

  • Openbsd Openssh 4.6

  • Openbsd Openssh 4.7

  • Openbsd Openssh 4.8

  • Openbsd Openssh 4.9

  • Openbsd Openssh 5.0

  • Openbsd Openssh 5.1

  • Openbsd Openssh 5.2

  • Openbsd Openssh 5.3

  • Openbsd Openssh 5.4

  • Openbsd Openssh 5.5

  • Openbsd Openssh 5.6

  • Openbsd Openssh 5.7

  • Openbsd Openssh 5.8

  • Openbsd Openssh 5.8p2

  • Openbsd Openssh 5.9

  • Openbsd Openssh 6.0

  • Openbsd Openssh 6.1


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=908707

MLIST - [oss-security] 20130206 Re: CVE id request: openssh?

CONFIRM - http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89

CONFIRM - http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156

CONFIRM - http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234

REDHAT - RHSA-2013:1591

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

BUGTRAQ - 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE

MISC - http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html

Related Patches

SUN122300-68 Solaris 9 SPARC: Kernel Patch


Last Updated: 27 May 2016 11:02:00