Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:22.openssh



On 2006.10.01 00:07:02 +0300, Pekka Savola wrote:
> On Sat, 30 Sep 2006, FreeBSD Security Advisories wrote:
> > III. Impact
> >
> > An attacker sending specially crafted packets to sshd(8) can cause a
> > Denial of Service by using 100% of CPU time until a connection timeout
> > occurs. Since this attack can be performed over multiple connections
> > simultaneously, it is possible to cause up to MaxStartups (10 by default)
> > sshd processes to use all the CPU time they can obtain. [CVE-2006-4924]
> >
> > The OpenSSH project believe that the race condition can lead to a Denial
> > of Service or potentially remote code execution, but the FreeBSD Security
> > Team has been unable to verify the exact impact. [CVE-2006-5051]
> >
> > IV. Workaround
> >
> > The attack against the CRC compensation attack detector can be avoided
> > by disabling SSH Protocol version 1 support in sshd_config(5).
> >
> > There is no workaround for the second issue.
>
> Doesn't TCP wrappers restriction mitigate or work around this issue or
> is it done too late?

I'm not sure since I have never really used TCP wrappers, but I would
expect it to work. I generally use firewalls to restrict which IP
addresses are allowed to access services when possible.

--
Simon L. Nielsen
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
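
A check for the workaround quoted above (disabling SSH Protocol version 1 in sshd_config(5)), added here as an example and not part of the original thread or the advisory. The function names and sample configs are constructed, and the `default` used when no Protocol line is present is an assumption to be set from your own sshd_config(5) man page.

```python
import re

# Constructed sample configs, not taken from any real host.
SAMPLE_V2_ONLY = "# constructed sample\n#Protocol 2,1\nProtocol 2\n"
SAMPLE_BOTH = "Port 22\nProtocol 2,1\n"
SAMPLE_FIRST_WINS = "protocol = 1\nProtocol 2\n"
SAMPLE_NO_DIRECTIVE = "Port 22\nPermitRootLogin no\n"


def effective_protocols(config_text, default="2,1"):
    """Return the set of protocol versions named by the effective Protocol line.

    `default` is an assumption for configs with no Protocol directive;
    set it to the value documented for the sshd version being audited.
    """
    value = default
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no settings
        # Keyword and argument are separated by whitespace and/or '='.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "protocol" and len(parts) == 2:
            value = parts[1]
            break  # sshd_config uses the first obtained value per keyword
    tokens = re.split(r"[,\s]+", value.replace('"', ""))
    return {t for t in tokens if t}


def protocol1_enabled(config_text, default="2,1"):
    """True if the config leaves SSH Protocol version 1 enabled."""
    return "1" in effective_protocols(config_text, default)


if __name__ == "__main__":
    samples = {
        "v2 only": SAMPLE_V2_ONLY,
        "both": SAMPLE_BOTH,
        "first wins": SAMPLE_FIRST_WINS,
        "no directive": SAMPLE_NO_DIRECTIVE,
    }
    for name, text in samples.items():
        state = "ENABLED" if protocol1_enabled(text) else "disabled"
        print(f"{name}: protocol 1 {state}")
```

To audit a host, pass the contents of its sshd_config file to `protocol1_enabled()`. This covers only the workaround for the first issue; the advisory states there is no workaround for the second.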


