CVE-2006-4925 - Affected OpenSSH Versions

David Aaron DAaron at trustwave.com
Tue Dec 18 02:53:18 EST 2012


Thank you for the previous information.

However,
http://www.securityfocus.com/archive/1/archive/1/447153/100/0/threaded,
which is associated with CVE-2006-4925, explains the following:

"Previous versions of the openssh package are vulnerable to a
    remote denial of service attack that cause the server to consume
    CPU when presented with certain data.  They also have a bug (not
    a vulnerability) that causes the client to crash harmlessly
    instead of exiting cleanly under some attacks; this is not a
    vulnerability but is also fixed in this update."

As such it would appear that there is a client side issue, as has been
suggested, but also that there is a server side DoS issue as well. The
server side DoS is the vulnerability of interest here.

Is it being suggested that there is no server side DoS which is actually
exploitable via CVE-2006-4925 (and that there is just a relatively harmless
client side crashing issue)?

If there is a server side DoS vulnerability, then we at Trustwave would
still be interested in knowing the versions of OpenSSH affected by
CVE-2006-4925.


David Aaron
Security Researcher
Trustwave
www.trustwave.com


On 12/16/12 6:56 PM, "Damien Miller" <djm at mindrot.org> wrote:

>On Fri, 14 Dec 2012, David Aaron wrote:
>
>> Comparison of
>> http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/openssh-4.4.tar.gz to
>> http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/openssh-4.5.tar.gz
>> source codes, in conjunction with the changes shown at
>> http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.144&r2=1.145&f=h,
>> appear to show that CVE-2006-4925 was fixed with
>> the release of OpenSSH 4.5.
>>
>> However, can a list of OpenSSH versions which are/were affected by
>> this CVE be supplied?
>>
>> I ask as there seems to be little in the way of documentation at
>> http://www.openssh.com regarding CVE-2006-4925.
>
>That's because it isn't a security problem. An "attacker" can cause their
>own connection to abort and no others.
>
>-d
>





More information about the openssh-unix-dev mailing list