(Blue Coat Issues Fix for ProxySG) OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
SecurityTracker Alert ID: 1021858
SecurityTracker URL: http://securitytracker.com/id/1021858
CVE Reference: CVE-2006-4924
Date: Mar 18 2009
Impact:
Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 4.2, 4.3, 5.2
Description:
A vulnerability was reported in OpenSSH. A remote user can cause denial of service conditions. Blue Coat ProxySG is affected.
A remote user can cause the target OpenSSH service to consume excessive CPU resources when SSH protocol version 1 is enabled.
The flaw resides in the CRC attack detection function, in how it processes identical blocks.
Tavis Ormandy of the Google Security Team discovered this vulnerability.
Impact:
A remote user can cause the target service to consume excessive CPU resources.
Solution:
Blue Coat has issued a fix (4.2.10, 4.3.3, 5.2.6) for ProxySG, which is affected by this vulnerability.
The Blue Coat advisory is available at:
https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg
Cause:
State error
Underlying OS:
Message History:
This archive entry is a follow-up to the message listed below.
Source Message Contents
Date: Tue, 17 Mar 2009 20:48:19 -0500
Subject: SSH server on ProxySG may allow a remote attacker to cause a denial of service
https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg
CVE-2006-4924