SuSE 10 Security Update : OpenSSH (ZYPP Patch Number 2184)

High Nessus Plugin ID 29538


The remote SuSE 10 host is missing a security-related patch.


Several security problems were fixed in OpenSSH :

- A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server. (CVE-2006-4924)

- If a remote attacker is able to inject network traffic this could be used to cause a client connection to close. (CVE-2006-4925)

- Fixed an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote.

- Fixed a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. (CVE-2006-5052)


Apply ZYPP patch number 2184.

See Also

Plugin Details

Severity: High

ID: 29538

File Name: suse_openssh-2184.nasl

Version: $Revision: 1.13 $

Type: local

Agent: unix

Published: 2007/12/13

Modified: 2016/12/22

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2006/10/19

Reference Information

CVE: CVE-2006-4924, CVE-2006-4925, CVE-2006-5051, CVE-2006-5052

CWE: 362, 399