SuSE 10 Security Update : OpenSSH (ZYPP Patch Number 2184)
Severity: High
Nessus Plugin ID: 29538
Synopsis
The remote SuSE 10 host is missing a security-related patch.
Description
Several security problems were fixed in OpenSSH:
- A denial of service problem has been fixed in OpenSSH which could be used to cause heavy CPU consumption on a remote OpenSSH server. (CVE-2006-4924)
- If a remote attacker is able to inject network traffic, this could be used to cause a client connection to close. (CVE-2006-4925)
- Fixed an unsafe signal handler reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote.
- Fixed a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. (CVE-2006-5052)
Solution
Apply ZYPP patch number 2184.