J-Security Center

Title: OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability

Severity: MODERATE

Description:

OpenSSH is a freely available, open-source implementation of the Secure Shell protocol. It is available for UNIX, Linux, and Microsoft platforms.

OpenSSH is susceptible to a remote denial-of-service vulnerability. This issue is due to a design flaw when servicing timeouts related to the 'LoginGraceTime' server configuration directive.

Specifically, when 'LoginGraceTime' in conjunction with 'MaxStartups' and 'UsePrivilegeSeparation' are configured and enabled in the server, a condition may arise where the server refuses further remote connection attempts.

'LoginGraceTime' sets the time limit for the new connection authentication process. If a remote connection takes longer than the configured number of seconds to authenticate, the connection is dropped.

'MaxStartups' sets the number of simultaneous SSH connections that may be in the preauthentication state. Further remote connections will be refused if the maximum configured number of remote connections are currently attempting to authenticate.

When privilege separation is enabled, the alarm signal used to alert the SSH server of the expiration of the 'LoginGraceTime' timer is delivered to the parent process. The child, non-privileged process is not alerted, and will keep the connection alive and counted for the 'MaxStartups' counter.

Remote attackers may exploit this issue to deny SSH service to legitimate users.

Affected Products:

  • Apple Mac OS X 10.0.0
  • Apple Mac OS X 10.0.1
  • Apple Mac OS X 10.0.2
  • Apple Mac OS X 10.0.3
  • Apple Mac OS X 10.0.4
  • Apple Mac OS X 10.1.0
  • Apple Mac OS X 10.1.0
  • Apple Mac OS X 10.1.1
  • Apple Mac OS X 10.1.2
  • Apple Mac OS X 10.1.3
  • Apple Mac OS X 10.1.4
  • Apple Mac OS X 10.1.5
  • Avaya CVLAN
  • Avaya Integrated Management
  • Avaya Integrated Management 2.1.0
  • Avaya Intuity LX
  • Caldera OpenLinux Server 3.1.0
  • Caldera OpenLinux Server 3.1.1
  • Caldera OpenLinux Workstation 3.1.0
  • Caldera OpenLinux Workstation 3.1.1
  • Conectiva Linux 6.0.0
  • Conectiva Linux 7.0.0
  • Conectiva Linux 8.0.0
  • Conectiva Linux 9.0.0
  • Conectiva Linux Enterprise Edition 1.0.0
  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc
  • EnGarde Secure Linux 1.0.1
  • FreeBSD FreeBSD 4.4.0
  • FreeBSD FreeBSD 4.4.0 -RELENG
  • FreeBSD FreeBSD 4.5.0
  • FreeBSD FreeBSD 4.5.0 -RELEASE
  • FreeBSD FreeBSD 4.5.0 -STABLEpre2002-03-07
  • FreeBSD FreeBSD 4.6.0
  • FreeBSD FreeBSD 4.6.0 -RELEASE
  • FreeBSD FreeBSD 4.7.0
  • FreeBSD FreeBSD 4.7.0 -RELEASE
  • FreeBSD FreeBSD 5.0.0
  • Guardian Digital Engarde Secure Linux 1.0.1
  • HP Secure OS software for Linux 1.0.0
  • HP VirtualVault 4.6.0
  • IBM AIX 4.3.3
  • IBM AIX 5.1.0 L
  • Immunix Immunix OS 7+
  • Immunix Immunix OS 7.0.0
  • Juniper Networks NetScreen-IDP 10 3.0.0
  • Juniper Networks NetScreen-IDP 10 3.0.0 r1
  • Juniper Networks NetScreen-IDP 10 3.0.0 r2
  • Juniper Networks NetScreen-IDP 100 3.0.0
  • Juniper Networks NetScreen-IDP 100 3.0.0 r1
  • Juniper Networks NetScreen-IDP 100 3.0.0 r2
  • Juniper Networks NetScreen-IDP 1000 3.0.0
  • Juniper Networks NetScreen-IDP 1000 3.0.0 r1
  • Juniper Networks NetScreen-IDP 1000 3.0.0 r2
  • Juniper Networks NetScreen-IDP 500 3.0.0
  • Juniper Networks NetScreen-IDP 500 3.0.0 r1
  • Juniper Networks NetScreen-IDP 500 3.0.0 r2
  • MandrakeSoft Corporate Server 1.0.1
  • MandrakeSoft Corporate Server 2.1.0
  • MandrakeSoft Corporate Server 2.1.0 x86_64
  • MandrakeSoft Linux Mandrake 7.1.0
  • MandrakeSoft Linux Mandrake 7.2.0
  • MandrakeSoft Linux Mandrake 8.0.0
  • MandrakeSoft Linux Mandrake 8.0.0 ppc
  • MandrakeSoft Linux Mandrake 8.1.0
  • MandrakeSoft Linux Mandrake 8.2.0
  • MandrakeSoft Linux Mandrake 8.2.0 ppc
  • MandrakeSoft Linux Mandrake 9.0.0
  • MandrakeSoft Linux Mandrake 9.1.0
  • MandrakeSoft Linux Mandrake 9.1.0 ppc
  • MandrakeSoft Multi Network Firewall 2.0.0
  • MandrakeSoft Single Network Firewall 7.2.0
  • NetBSD NetBSD 1.5.1
  • NetBSD NetBSD 1.5.2
  • Novell Netware 6.5.0
  • OpenBSD OpenBSD 3.1
  • OpenPKG OpenPKG 1.0.0
  • OpenPKG OpenPKG 1.2.0
  • OpenPKG OpenPKG Current
  • OpenSSH OpenSSH 2.3.0
  • OpenSSH OpenSSH 2.5.0
  • OpenSSH OpenSSH 2.5.1
  • OpenSSH OpenSSH 2.5.2
  • OpenSSH OpenSSH 2.9.0
  • OpenSSH OpenSSH 2.9.0p1
  • OpenSSH OpenSSH 2.9.0p2
  • OpenSSH OpenSSH 2.9.9
  • OpenSSH OpenSSH 3.0.0
  • OpenSSH OpenSSH 3.0.0 p1
  • OpenSSH OpenSSH 3.0.1
  • OpenSSH OpenSSH 3.0.1 p1
  • OpenSSH OpenSSH 3.0.2
  • OpenSSH OpenSSH 3.0.2 p1
  • OpenSSH OpenSSH 3.1.0
  • OpenSSH OpenSSH 3.1.0 P1
  • OpenSSH OpenSSH 3.2.0
  • OpenSSH OpenSSH 3.2.2 p1
  • OpenSSH OpenSSH 3.2.3 p1
  • OpenSSH OpenSSH 3.3.0
  • OpenSSH OpenSSH 3.3.0 p1
  • OpenSSH OpenSSH 3.4.0
  • OpenSSH OpenSSH 3.4.0 p1
  • OpenSSH OpenSSH 3.4.0 p1-1
  • OpenSSH OpenSSH 3.5.0
  • OpenSSH OpenSSH 3.5.0p1
  • OpenSSH OpenSSH 3.6.1
  • OpenSSH OpenSSH 3.6.1p1
  • OpenSSH OpenSSH 3.6.1p2
  • OpenSSH OpenSSH 3.7.0
  • OpenSSH OpenSSH 3.7.0.1p2
  • OpenSSH OpenSSH 3.7.0p1
  • OpenSSH OpenSSH 3.7.1
  • OpenSSH OpenSSH 3.7.1p1
  • Openwall Openwall GNU/*/Linux (Owl)-current
  • Openwall Openwall GNU/*/Linux 0.1.0 -stable
  • RedHat Desktop 3.0.0
  • RedHat Enterprise Linux AS 2.1
  • RedHat Enterprise Linux AS 2.1 IA64
  • RedHat Enterprise Linux AS 3
  • RedHat Enterprise Linux ES 2.1
  • RedHat Enterprise Linux ES 2.1 IA64
  • RedHat Enterprise Linux ES 3
  • RedHat Enterprise Linux WS 2.1
  • RedHat Enterprise Linux WS 2.1 IA64
  • RedHat Enterprise Linux WS 3
  • RedHat Fedora Core1
  • RedHat Fedora Core2
  • RedHat Fedora Core3
  • RedHat Linux 7.0.0
  • RedHat Linux 7.1.0
  • RedHat Linux 7.2.0
  • RedHat Linux 7.3.0
  • RedHat Linux 7.3.0 i386
  • RedHat Linux 8.0.0
  • RedHat Linux 9.0.0 i386
  • RedHat Linux for iSeries 7.1.0
  • RedHat Linux for pSeries 7.1.0
  • S.u.S.E. Linux 7.1.0
  • S.u.S.E. Linux 7.2.0
  • S.u.S.E. Linux 7.3.0
  • S.u.S.E. Linux 7.3.0 i386
  • S.u.S.E. Linux 7.3.0 ppc
  • S.u.S.E. Linux 7.3.0 sparc
  • S.u.S.E. Linux 8.0.0
  • S.u.S.E. Linux 8.1.0
  • S.u.S.E. Linux Database Server
  • S.u.S.E. Linux Enterprise Server 7
  • S.u.S.E. Linux Firewall on CD
  • S.u.S.E. Linux Live-CD for Firewall 0.0.0
  • S.u.S.E. Linux Personal 8.2.0
  • S.u.S.E. SuSE eMail Server III
  • SCO Open Server 5.0.7
  • Slackware Linux -current
  • Slackware Linux 8.1.0
  • Slackware Linux 9.0.0
  • Sun Cobalt RaQ 550
  • Sun Linux 5.0.7
  • Sun Solaris 9
  • Terra Soft Solutions Yellow Dog Linux 3.0.0
  • Trustix Secure Linux 1.1.0
  • Trustix Secure Linux 1.2.0
  • Trustix Secure Linux 1.5.0
  • Trustix Secure Linux 2.0.0
  • VMWare ESX Server 2.0.2
  • VMWare ESX Server 2.1.3
  • VMWare ESX Server 2.5.3
  • VMWare ESX Server 2.5.4

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.