From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200611-06.xml | 70 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 metadata/glsa/glsa-200611-06.xml (limited to 'metadata/glsa/glsa-200611-06.xml') diff --git a/metadata/glsa/glsa-200611-06.xml b/metadata/glsa/glsa-200611-06.xml new file mode 100644 index 000000000000..932720004462 --- /dev/null +++ b/metadata/glsa/glsa-200611-06.xml @@ -0,0 +1,70 @@ + + + + OpenSSH: Multiple Denial of Service vulnerabilities + + Several Denial of Service vulnerabilities have been identified in OpenSSH. + + openssh + 2006-11-13 + 2006-11-13: 01 + 149502 + remote + + + 4.4_p1-r5 + 4.4_p1-r5 + + + +

+ OpenSSH is a complete SSH protocol version 1.3, 1.5 and 2.0 + implementation and includes sftp client and server support. +

+ + +

+ Tavis Ormandy of the Google Security Team has discovered a + pre-authentication vulnerability, causing sshd to spin until the login + grace time has been expired. Mark Dowd found an unsafe signal handler + that was vulnerable to a race condition. It has also been discovered + that when GSSAPI authentication is enabled, GSSAPI will in certain + cases incorrectly abort. +

+ + +

+ The pre-authentication and signal handler vulnerabilities can cause a + Denial of Service in OpenSSH. The vulnerability in the GSSAPI + authentication abort could be used to determine the validity of + usernames on some platforms. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All OpenSSH users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.4_p1-r5" + + + CVE-2006-5051 + CVE-2006-5052 + OpenSSH Security Advisory + + + vorlon078 + + + vorlon078 + + + daxomatic + + -- cgit v1.2.3