Debian DSA-1638-1 : openssh - denial of service

High Nessus Plugin ID 34223


The remote Debian host is missing a security-related update.


It has been discovered that the signal handler implementing the login timeout in Debian's version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service vulnerability (CVE-2008-4109).

The problem was originally corrected in OpenSSH 4.4p1 (CVE-2006-5051), but the patch backported to the version released with etch was incorrect.

Systems affected by this issue accumulate large numbers of zombie sshd processes. Processes stuck with a '[net]' process title have also been observed. Over time, enough processes may accumulate that further login attempts become impossible. The presence of these processes does not indicate active exploitation of this vulnerability: it is possible to trigger this denial of service condition by accident.
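The bug class described above, shown as an added illustration that is not OpenSSH's or Debian's code: a timeout handler that calls non-async-signal-safe functions, next to one that only sets a flag for the main flow to act on. The function names and the log message are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* Flag type the C standard guarantees can be written from a handler. */
static volatile sig_atomic_t login_timed_out = 0;

/* UNSAFE pattern, shown for contrast and never installed below:
 * syslog() and exit() are not async-signal-safe. If SIGALRM interrupts
 * code that holds a malloc or stdio lock, the handler can deadlock
 * or run cleanup code against half-updated state. */
void unsafe_timeout_handler(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "login grace time exceeded"); /* constructed message */
    exit(1); /* runs atexit handlers and flushes stdio */
}

/* SAFE pattern: record the event and return immediately. */
static void safe_timeout_handler(int sig)
{
    (void)sig;
    login_timed_out = 1;
}

/* Arm the login grace timer; returns 0 on success, -1 on error. */
int arm_login_timeout(unsigned int seconds)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_timeout_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) != 0)
        return -1;
    login_timed_out = 0;
    alarm(seconds);
    return 0;
}

/* Polled from normal control flow, where logging is safe.
 * Returns 1 once the timer has fired, 0 otherwise. */
int login_timeout_expired(void)
{
    if (!login_timed_out)
        return 0;
    alarm(0);
    syslog(LOG_INFO, "login grace time exceeded"); /* constructed message */
    return 1;
}
```

A handler that must terminate the process directly can call `_exit()`, which POSIX lists as async-signal-safe, instead of `exit()`.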


Upgrade the openssh packages.

For the stable distribution (etch), this problem has been fixed in version 4.3p2-9etch3.

Plugin Details

Severity: High

ID: 34223

File Name: debian_DSA-1638.nasl

Version: 1.17

Type: local

Agent: unix

Published: 2008/09/17

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:openssh, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2008/09/16

Reference Information

CVE: CVE-2006-5051, CVE-2008-4109

BID: 20241

DSA: 1638

CWE: 264, 362