Oval Definition: oval:org.mitre.oval:def:8085
Revision Date: 2014-06-23
Version: 19
Title: DSA-1638 openssh -- denial of service
Description: It has been discovered that the signal handler implementing the login timeout in Debian's version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service vulnerability (CVE-2008-4109). The problem was originally corrected in OpenSSH 4.4p1 (CVE-2006-5051), but the patch backported to the version released with etch was incorrect. Systems affected by this issue accumulate large numbers of zombie sshd processes. Processes stuck with a "[net]" process title have also been observed. Over time, enough processes may accumulate that further login attempts become impossible. The presence of these processes does not indicate active exploitation of this vulnerability; the denial of service condition can also be triggered by accident.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CVE-2006-5051, CVE-2008-4109, DSA-1638
Platform(s): Debian GNU/Linux 4.0
Product(s): openssh
Definition Synopsis
  • Debian GNU/Linux 4.0 is installed.
  • AND Architecture section
      • Architecture independent section
          • Installed architecture is all
          • AND Packages section
              • ssh-krb5 is earlier than 4.3p2-9etch3
              • OR ssh is earlier than 4.3p2-9etch3
      • OR Architecture dependent section
          • Supported architectures section
              • Installed architecture is s390
              • OR Installed architecture is amd64
              • OR Installed architecture is sparc
              • OR Installed architecture is arm
              • OR Installed architecture is i386
              • OR Installed architecture is mips
              • OR Installed architecture is ia64
              • OR Installed architecture is alpha
              • OR Installed architecture is powerpc
              • OR Installed architecture is hppa
          • AND Packages section
              • openssh-server is earlier than 4.3p2-9etch3
              • OR openssh-client is earlier than 4.3p2-9etch3
              • OR ssh-askpass-gnome is earlier than 4.3p2-9etch3