CVE-2006-4925 - Affected OpenSSH Versions
Damien Miller
djm at mindrot.org
Mon Dec 17 11:56:10 EST 2012
On Fri, 14 Dec 2012, David Aaron wrote:
> Comparison of
> http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/openssh-4.4.tar.gz to
> http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/openssh-4.5.tar.gz
> source codes, in conjunction with the changes shown at
> http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1
> =1.144&r2=1.145&f=h, appear to shows that CVE-2006-4925 was fixed with
> the release of OpenSSH 4.5.
>
> However, can a list of OpenSSH versions which are/were affected by
> this CVE be supplied?
>
> I ask as there seems to be little in the way of documentation at
> http://www.openssh.com regarding CVE-2006-4925.
That's because it isn't a security problem. An "attacker" can cause their
own connection to abort and no others.
-d
More information about the openssh-unix-dev
mailing list