Mandrake Linux Security Advisory : openssh (MDKSA-2006:179)
High Nessus Plugin ID 24565
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
Tavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector. This could allow a remote unauthenticated attacker to trigger excessive CPU utilization by sending a specially crafted SSH message, which would then deny ssh services to other users or processes (CVE-2006-4924, CVE-2006-4925). Please note that Mandriva ships with only SSH protocol version 2 enabled by default.
Next, an unsafe signal handler was found by Mark Dowd. This signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication DoS, and theoretically a pre-authentication remote code execution in the case where some authentication methods like GSSAPI are enabled (CVE-2006-5051).
Updated packages have been patched to correct these issues.
Solution
Update the affected packages.