FreeBSD : FreeBSD -- OpenSSH Remote Denial of Service vulnerability (6a2cfcdc-9dea-11e6-a298-14dae9d210b8)
High Nessus Plugin ID 94418
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionWhen processing the SSH_MSG_KEXINIT message, the server could allocate up to a few hundreds of megabytes of memory per each connection, before any authentication take place. Impact : A remote attacker may be able to cause a SSH server to allocate an excessive amount of memory. Note that the default MaxStartups setting on FreeBSD will limit the effectiveness of this attack.
SolutionUpdate the affected package.