OSVDB ID: 29152 Title: OpenSSH Identical Block Packet DoS |
Info |
|
|
Dates |
||||
|
|
Description |
OpenSSH contains a flaw that may allow a pre-authentication remote denial of service. The issue is triggered when SSH version 1 is used via an SSH packet that contains duplicate blocks, and will result in loss of availability for the service. |
Classification |
Location:
Remote / Network Access
Attack Type: Cryptographic, Denial of Service, Input Manipulation Impact: Loss of Availability Exploit: Exploit Public Disclosure: OSVDB Verified, Vendor Verified |
Solution |
Upgrade to version 4.4 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): disable SSH protocol version 1 in /etc/ssh/sshd_config |
Products |
|
Credit |
|
google.com - Google Information Security Team