Vulnerability Name:

CVE-2008-4109 (CCN-45202)

Assigned:2008-09-12
Published:2008-09-12
Updated:2017-08-08
Summary:A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts.
Note: this issue exists because of an incorrect fix for CVE-2006-5051.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
CWE-264
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: Debian Bug report logs - #498678
sigdie must not be called from a signal handler context

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678

Source: MITRE
Type: CNA
CVE-2008-4109

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:020

Source: SECUNIA
Type: UNKNOWN
31885

Source: SECUNIA
Type: UNKNOWN
32080

Source: SECUNIA
Type: UNKNOWN
32181

Source: CCN
Type: SECTRACK ID: 1020891
OpenSSH on Debian Lets Remote Users Prevent Logins

Source: DEBIAN
Type: Patch
DSA-1638

Source: DEBIAN
Type: DSA-1638
openssh -- denial of service

Source: CCN
Type: OpenSSH Web site
OpenSSH

Source: SECTRACK
Type: UNKNOWN
1020891

Source: CCN
Type: USN-649-1
OpenSSH vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-649-1

Source: XF
Type: UNKNOWN
openssh-signalhandler-dos(45202)

Source: XF
Type: UNKNOWN
openssh-signalhandler-dos(45202)

Source: SUSE
Type: SUSE-SR:2008:020
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:debian:linux:unknown:unknown:etch:*:*:*:*:*
  • AND
  • cpe:/a:openbsd:openssh:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:*:*:*:*:*:*:*:* (Version <= 4.3p2)

    • Configuration 2:
  • cpe:/a:debian:linux:unknown:unknown:sid:*:*:*:*:*
  • AND
  • cpe:/a:openbsd:openssh:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:*:*:*:*:*:*:*:* (Version <= 4.6)

    • Configuration CCN 1:
  • cpe:/a:openbsd:openssh:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20084109
    V
    		CVE-2008-4109
    2015-11-16
    oval:org.mitre.oval:def:17752
    P
    		USN-649-1 -- openssh vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:8085
    P
    		DSA-1638 openssh -- denial of service
    2014-06-23
    oval:org.debian:def:1638
    V
    		denial of service
    2008-09-16
    BACK
    debian linux unknown unknown
    openbsd openssh 1.2
    openbsd openssh 1.2.1
    openbsd openssh 1.2.2
    openbsd openssh 1.2.3
    openbsd openssh 1.2.27
    openbsd openssh 1.3
    openbsd openssh 1.5
    openbsd openssh 1.5.7
    openbsd openssh 1.5.8
    openbsd openssh 2
    openbsd openssh 2.1
    openbsd openssh 2.1.1
    openbsd openssh 2.2
    openbsd openssh 2.3
    openbsd openssh 2.3.1
    openbsd openssh 2.5
    openbsd openssh 2.5.1
    openbsd openssh 2.5.2
    openbsd openssh 2.9
    openbsd openssh 2.9.9
    openbsd openssh 2.9.9p2
    openbsd openssh 2.9p1
    openbsd openssh 2.9p2
    openbsd openssh 3.0
    openbsd openssh 3.0.1
    openbsd openssh 3.0.1p1
    openbsd openssh 3.0.2
    openbsd openssh 3.0.2p1
    openbsd openssh 3.0p1
    openbsd openssh 3.1
    openbsd openssh 3.1p1
    openbsd openssh 3.2
    openbsd openssh 3.2.2
    openbsd openssh 3.2.2p1
    openbsd openssh 3.2.3p1
    openbsd openssh 3.3
    openbsd openssh 3.3p1
    openbsd openssh 3.4
    openbsd openssh 3.4p1
    openbsd openssh 3.5
    openbsd openssh 3.5p1
    openbsd openssh 3.6
    openbsd openssh 3.6.1
    openbsd openssh 3.6.1p1
    openbsd openssh 3.6.1p2
    openbsd openssh 3.7
    openbsd openssh 3.7.1
    openbsd openssh 3.7.1p1
    openbsd openssh 3.7.1p2
    openbsd openssh 3.8
    openbsd openssh 3.8.1
    openbsd openssh 3.8.1p1
    openbsd openssh 3.9
    openbsd openssh 3.9.1
    openbsd openssh 3.9.1p1
    openbsd openssh 4.0
    openbsd openssh 4.0p1
    openbsd openssh 4.1
    openbsd openssh 4.1p1
    openbsd openssh 4.2
    openbsd openssh 4.2p1
    openbsd openssh 4.3
    openbsd openssh 4.3p1
    openbsd openssh *
    debian linux unknown unknown
    openbsd openssh 1.2
    openbsd openssh 1.2.1
    openbsd openssh 1.2.2
    openbsd openssh 1.2.3
    openbsd openssh 1.2.27
    openbsd openssh 1.3
    openbsd openssh 1.5
    openbsd openssh 1.5.7
    openbsd openssh 1.5.8
    openbsd openssh 2
    openbsd openssh 2.1
    openbsd openssh 2.1.1
    openbsd openssh 2.2
    openbsd openssh 2.3
    openbsd openssh 2.3.1
    openbsd openssh 2.5
    openbsd openssh 2.5.1
    openbsd openssh 2.5.2
    openbsd openssh 2.9
    openbsd openssh 2.9.9
    openbsd openssh 2.9.9p2
    openbsd openssh 2.9p1
    openbsd openssh 2.9p2
    openbsd openssh 3.0
    openbsd openssh 3.0.1
    openbsd openssh 3.0.1p1
    openbsd openssh 3.0.2
    openbsd openssh 3.0.2p1
    openbsd openssh 3.0p1
    openbsd openssh 3.1
    openbsd openssh 3.1p1
    openbsd openssh 3.2
    openbsd openssh 3.2.2
    openbsd openssh 3.2.2p1
    openbsd openssh 3.2.3p1
    openbsd openssh 3.3
    openbsd openssh 3.3p1
    openbsd openssh 3.4
    openbsd openssh 3.4p1
    openbsd openssh 3.5
    openbsd openssh 3.5p1
    openbsd openssh 3.6
    openbsd openssh 3.6.1
    openbsd openssh 3.6.1p1
    openbsd openssh 3.6.1p2
    openbsd openssh 3.7
    openbsd openssh 3.7.1
    openbsd openssh 3.7.1p1
    openbsd openssh 3.7.1p2
    openbsd openssh 3.8
    openbsd openssh 3.8.1
    openbsd openssh 3.8.1p1
    openbsd openssh 3.9
    openbsd openssh 3.9.1
    openbsd openssh 3.9.1p1
    openbsd openssh 4.0
    openbsd openssh 4.0p1
    openbsd openssh 4.1
    openbsd openssh 4.1p1
    openbsd openssh 4.2
    openbsd openssh 4.2p1
    openbsd openssh 4.3
    openbsd openssh 4.3p1
    openbsd openssh 4.3p2
    openbsd openssh 4.4
    openbsd openssh 4.4p1
    openbsd openssh *
    openbsd openssh *
    canonical ubuntu 6.06
    debian debian linux 4.0
    canonical ubuntu 7.04
    canonical ubuntu 7.10