Vulnerability Description
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenBSD | OpenSSH | 1.2 |
Related Weaknesses (CWE)
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc
- ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt
- ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
- http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability
- http://bugs.gentoo.org/show_bug.cgi?id=148228
- http://docs.info.apple.com/article.html?artnum=305214
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
- http://secunia.com/advisories/21923 (Vendor Advisory)
- http://secunia.com/advisories/22091 (Vendor Advisory)
- http://secunia.com/advisories/22116 (Vendor Advisory)
- http://secunia.com/advisories/22158 (Vendor Advisory)
- http://secunia.com/advisories/22164 (Vendor Advisory)
- http://secunia.com/advisories/22183 (Vendor Advisory)
FAQ
What is CVE-2006-4924?
CVE-2006-4924 is a vulnerability with a CVSS score of 7.8 (HIGH). sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not...
How severe is CVE-2006-4924?
CVE-2006-4924 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-4924?
Check the references section above for vendor advisories and patch information. Affected products include: OpenBSD OpenSSH.