Vulnerability Name: CVE-2004-2069 (CCN-20930)
Assigned: 2004-01-27
Published: 2004-01-27
Updated: 2018-10-19
Summary: sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: CCN Type: Full-Disclosure Mailing List, Mon Nov 13 2006 - 17:22:54 CST VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2
Source: CCN Type: Full-Disclosure Mailing List, Mon Nov 13 2006 - 17:23:03 CST VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2
Source: CCN Type: Full-Disclosure Mailing List, Mon Nov 13 2006 - 17:22:38 CST VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
Source: MITRE Type: CNA CVE-2004-2069
Source: MLIST Type: UNKNOWN [openssh-unix-dev] 20040127 OpenSSH - Connection problem when LoginGraceTime exceeds time
Source: MLIST Type: UNKNOWN [openssh-unix-dev] 20040128 Re: OpenSSH - Connection problem when LoginGraceTime exceeds time
Source: CCN Type: BugTraq Mailing List, 20040113 20040127 OpenSSH - Connection problem when LoginGraceTime exceeds time
Source: CCN Type: RHSA-2005-550 openssh security update
Source: REDHAT Type: UNKNOWN RHSA-2005:550
Source: SECUNIA Type: UNKNOWN 17000
Source: SECUNIA Type: UNKNOWN 17135
Source: CCN Type: SA17252 Avaya Intuity LX Two Vulnerabilities
Source: SECUNIA Type: UNKNOWN 17252
Source: CCN Type: SA22875 VMware ESX Server Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 22875
Source: CCN Type: SA23680 VMWare ESX Server Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 23680
Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
Source: CCN Type: OpenSSH Web site OpenSSH
Source: OSVDB Type: UNKNOWN 16567
Source: CCN Type: OSVDB ID: 16567 OpenSSH Privilege Separation LoginGraceTime DoS
Source: FEDORA Type: UNKNOWN FLSA-2006:168935
Source: BUGTRAQ Type: UNKNOWN 20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
Source: BUGTRAQ Type: UNKNOWN 20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2
Source: BUGTRAQ Type: UNKNOWN 20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2
Source: BID Type: UNKNOWN 14963
Source: CCN Type: BID-14963 OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
Source: CONFIRM Type: UNKNOWN http://www.vmware.com/download/esx/esx-202-200610-patch.html
Source: CCN Type: VMware Web site VMware ESX Server 2.1.3 Upgrade Patch 2 (for 2.1.3 Systems Only)
Source: CONFIRM Type: UNKNOWN http://www.vmware.com/download/esx/esx-213-200610-patch.html
Source: CCN Type: VMware Advisory esx-253-200610-patch VMware ESX Server 2.5.3 Upgrade Patch 4 (for 2.5.3 Systems Only)
Source: CONFIRM Type: UNKNOWN http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
Source: CONFIRM Type: UNKNOWN http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
Source: VUPEN Type: UNKNOWN ADV-2006-4502
Source: XF Type: UNKNOWN openssh-sshdc-logingracetime-dos(20930)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11541