// For flags

CVE-2006-0883

FreeBSD-SA-06-09.openssh.txt

Severity Score

8.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.

Because OpenSSH and OpenPAM have conflicting designs (one is event-driven while the other is callback-driven), it is necessary for OpenSSH to fork a child process to handle calls to the PAM framework. However, if the unprivileged child terminates while PAM authentication is under way, the parent process incorrectly believes that the PAM child also terminated. The parent process then terminates, and the PAM child is left behind. Due to the way OpenSSH performs internal accounting, these orphaned PAM children are counted as pending connections by the master OpenSSH server process. Once a certain number of orphans has accumulated, the master decides that it is overloaded and stops accepting client connections.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-02-24 CVE Reserved
  • 2006-03-03 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-07-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openbsd
Search vendor "Openbsd"
 Openssh
Search vendor "Openbsd" for product "Openssh"
 3.8.1p1
Search vendor "Openbsd" for product "Openssh" and version "3.8.1p1"
-
Affected
Freebsd
Search vendor "Freebsd"
 Freebsd
Search vendor "Freebsd" for product "Freebsd"
 5.3
Search vendor "Freebsd" for product "Freebsd" and version "5.3"
-
Affected
Freebsd
Search vendor "Freebsd"
 Freebsd
Search vendor "Freebsd" for product "Freebsd"
 5.3
Search vendor "Freebsd" for product "Freebsd" and version "5.3"
release
Affected
Freebsd
Search vendor "Freebsd"
 Freebsd
Search vendor "Freebsd" for product "Freebsd"
 5.3
Search vendor "Freebsd" for product "Freebsd" and version "5.3"
releng
Affected
Freebsd
Search vendor "Freebsd"
 Freebsd
Search vendor "Freebsd" for product "Freebsd"
 5.3
Search vendor "Freebsd" for product "Freebsd" and version "5.3"
stable
Affected
Freebsd
Search vendor "Freebsd"
 Freebsd
Search vendor "Freebsd" for product "Freebsd"
 5.4
Search vendor "Freebsd" for product "Freebsd" and version "5.4"
pre-release
Affected
Freebsd
Search vendor "Freebsd"
 Freebsd
Search vendor "Freebsd" for product "Freebsd"
 5.4
Search vendor "Freebsd" for product "Freebsd" and version "5.4"
release
Affected
Freebsd
Search vendor "Freebsd"
 Freebsd
Search vendor "Freebsd" for product "Freebsd"
 5.4
Search vendor "Freebsd" for product "Freebsd" and version "5.4"
releng
Affected
Freebsd
Search vendor "Freebsd"
 Freebsd
Search vendor "Freebsd" for product "Freebsd"
 5.4
Search vendor "Freebsd" for product "Freebsd" and version "5.4"
stable
Affected