openSUSE 10 Security Update : openssh (openssh-2183)
High Nessus Plugin ID 27365
Synopsis
The remote openSUSE host is missing a security update.
Description
Several security problems were fixed in OpenSSH:
- CVE-2006-4924: A denial of service problem has been fixed in OpenSSH that could be used to cause heavy CPU consumption on a remote OpenSSH server.
- CVE-2006-4925: If a remote attacker is able to inject network traffic, this could be used to cause a client connection to close.
- CVE-2006-5051: Fixed an unsafe signal handler reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote.
- CVE-2006-5052: Fixed a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms.
Solution
Update the affected openssh packages.