OpenSSH < 2.9.9p1 Resource Limit Bypass
High Nessus Plugin ID 44069
Synopsis
The remote SSH service is affected by a denial of service vulnerability.

Description
According to its banner, the remote host is running a version of OpenSSH earlier than 2.9.9p1. Such versions fail to initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty. A remote, unauthenticated attacker, exploiting this flaw, could bypass resource limits (rlimits) set in pam.d.

Solution
Upgrade to OpenSSH 2.9.9p1 or later.