CVE-2006-4925 - Affected OpenSSH Versions

Damien Miller djm at
Tue Dec 18 09:39:31 EST 2012

On Mon, 17 Dec 2012, David Aaron wrote:

> Thank you for the previous information.
> However,
> which is associated with CVE-2006-4925, explains the following:
> "Previous versions of the openssh package are vulnerable to a
>     remote denial of service attack that causes the server to consume
>     CPU when presented with certain data.  They also have a bug (not
>     a vulnerability) that causes the client to crash harmlessly
>     instead of exiting cleanly under some attacks; this is not a
>     vulnerability but is also fixed in this update."
> As such it would appear that there is a client side issue, as has been
> suggested, but also that there is a server side DoS issue as well. The
> server side DoS is the vulnerability of interest here.

The server DoS is:

This is actually mentioned in the securityfocus discussion you referred to.

More information about the openssh-unix-dev mailing list