SSH: OpenSSH sshd Identical Blocks Denial of Service (2)

An integer overflow vulnerability has been reported in the PuTTY SSH client. The vulnerability is due to improper handling of overly short RSA keys during RSA key exchanges. A remote, unauthenticated attacker could exploit this vulnerability by enticing a targeted user to connect to a malicious SSH server. Successful exploitation could result in denial-of-service conditions or, in the worst case, arbitrary code execution.

Extended Description

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

Affected Products

Openbsd openssh

References

CVE: CVE-2006-4924

Short Name: SSH:OVERFLOW:BLOCK-DOS-2
Severity: Major
Recommended: False
Recommended Action: None
Category: SSH
Keywords: (2) Blocks CVE-2006-4924 Denial Identical OpenSSH Service of sshd
Release Date: 07/18/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3761
False Positive: Unknown
Vendors

Openbsd

CVSS Score

7.8
