From: Pekka Savola
Date: Sun, 1 Oct 2006 00:07:02 +0300 (EEST)
To: freebsd-security@freebsd.org
Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
In-Reply-To: <200609302024.k8UKOjon073315@freefall.freebsd.org>
References: <200609302024.k8UKOjon073315@freefall.freebsd.org>

On Sat, 30 Sep 2006, FreeBSD Security Advisories wrote:
> III. Impact
>
> An attacker sending specially crafted packets to sshd(8) can cause a
> Denial of Service by using 100% of CPU time until a connection timeout
> occurs. Since this attack can be performed over multiple connections
> simultaneously, it is possible to cause up to MaxStartups (10 by default)
> sshd processes to use all the CPU time they can obtain. [CVE-2006-4924]
>
> The OpenSSH project believe that the race condition can lead to a Denial
> of Service or potentially remote code execution, but the FreeBSD Security
> Team has been unable to verify the exact impact. [CVE-2006-5051]
>
> IV. Workaround
>
> The attack against the CRC compensation attack detector can be avoided
> by disabling SSH Protocol version 1 support in sshd_config(5).
>
> There is no workaround for the second issue.

Doesn't TCP wrappers restriction mitigate or work around this issue, or
is it done too late?

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
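
One way to check whether a host has applied the quoted workaround for CVE-2006-4924 (disabling SSH Protocol version 1 in sshd_config), as an added example that is not part of the original message or the advisory. The function name `sshd_protocol_status` and the sample config are constructed for illustration; "unset" means no Protocol line was found, so the build's compiled-in default applies, which the page does not state.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the advisory): report whether
# an sshd_config file enables SSH protocol version 1.
# Prints one of: v1-enabled, v1-disabled, unset.
sshd_protocol_status() {
    awk '
        /^[ \t]*#/ { next }      # comment line
        /^[ \t]*$/ { next }      # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # Keyword and value are separated by whitespace and/or "=".
            n = match(line, /[ \t=]/)
            if (n == 0) next
            # Keywords are case-insensitive.
            if (tolower(substr(line, 1, n - 1)) != "protocol") next
            val = substr(line, n)
            gsub(/[ \t="]/, "", val)
            # The value is a comma-separated list such as "2" or "2,1".
            m = split(val, parts, ",")
            status = "v1-disabled"
            for (i = 1; i <= m; i++)
                if (parts[i] == "1") status = "v1-enabled"
            # sshd uses the first value it reads for a keyword, so stop here.
            print status
            found = 1
            exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample config (not taken from a real host): the commented line
# is ignored, and the first active Protocol line wins over the later one.
sample=$(mktemp)
printf '%s\n' '#Protocol 1' 'Port 22' 'protocol = 2,1' 'Protocol 2' > "$sample"
echo "sample config: $(sshd_protocol_status "$sample")"
rm -f "$sample"
```

Pass the path of the live configuration file as the only argument to check a host. The check covers only the first issue; the advisory states there is no workaround for the second.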