FreeBSD : openssh -- multiple vulnerabilities (32db37a5-50c3-11db-acf3-000c6ec775d9)

This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Problem Description

The CRC compensation attack detector in the sshd(8) daemon, upon
receipt of duplicate blocks, uses CPU time cubic in the number of
duplicate blocks received. [CVE-2006-4924]

A race condition exists in a signal handler used by the sshd(8) daemon
to handle the LoginGraceTime option, which can potentially cause some
cleanup routines to be executed multiple times. [CVE-2006-5051]

Impact

An attacker sending specially crafted packets to sshd(8) can cause a
Denial of Service by using 100% of CPU time until a connection timeout
occurs. Since this attack can be performed over multiple connections
simultaneously, it is possible to cause up to MaxStartups (10 by
default) sshd processes to use all the CPU time they can obtain.
[CVE-2006-4924]

The OpenSSH project believes that the race condition can lead to a
Denial of Service or potentially remote code execution, but the
FreeBSD Security Team has been unable to verify the exact impact.
[CVE-2006-5051]

Workaround

The attack against the CRC compensation attack detector can be avoided
by disabling SSH Protocol version 1 support in sshd_config(5).

There is no workaround for the second issue.
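
As an added example (not part of the Nessus plugin or the FreeBSD advisory), the shell function below reports whether an sshd_config file enables SSH Protocol version 1, the setting the CVE-2006-4924 workaround turns off. The function name and the sample config are constructed for illustration; it relies on sshd using the first value it finds for a keyword, and it prints "unset" when no Protocol line exists, because the default then depends on the installed OpenSSH version.

```shell
#!/bin/sh
# Added example: audit an sshd_config for SSH Protocol version 1 support.
# sshd_protocol_v1_status is a hypothetical helper name, not a system tool.
# Output: "enabled", "disabled", or "unset" (no Protocol keyword present).
sshd_protocol_v1_status() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) ~ /^protocol(=|$)/ {         # keywords are case-insensitive
            line = tolower($0)
            # Drop the keyword and the optional "=" separator.
            sub(/^[ \t]*protocol[ \t]*=?[ \t]*/, "", line)
            gsub(/[ \t"]/, "", line)             # drop blanks and quotes
            n = split(line, v, ",")              # value is a list such as 2,1
            status = "disabled"
            for (i = 1; i <= n; i++)
                if (v[i] == "1") status = "enabled"
            print status
            found = 1
            exit                                 # first occurrence wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample config (not taken from any real host). The second
# Protocol line is ignored by sshd, so version 1 is still accepted here.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sshd_config excerpt
Port 22
Protocol 2,1
Protocol 2
EOF
echo "SSHv1 support in sample: $(sshd_protocol_v1_status "$sample")"
rm -f "$sample"
```

A result of "enabled" or "unset" on a host running an affected OpenSSH version means the workaround is not in place; setting `Protocol 2` as the first Protocol line and restarting sshd applies it.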

See also :

http://www.openssh.com/txt/release-4.4
http://www.nessus.org/u?675ac391

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22488 (freebsd_pkg_32db37a550c311dbacf3000c6ec775d9.nasl)

Bugtraq ID: 20216, 20241

CVE ID: CVE-2006-4924, CVE-2006-5051
