CVE-2006-4924

OpenSSH 4.3 p1 - Duplicated Block Remote Denial of Service

  • Severity Score: 7.5 (CVSS v3)
  • Public Exploits: 2 (multiple sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

Two denial of service vulnerabilities have been found in the OpenSSH server. The sshd support for ssh protocol version 1 does not properly handle duplicate incoming blocks. This could allow a remote attacker to cause sshd to consume significant CPU resources leading to a denial of service. A signal handler race condition could potentially allow a remote attacker to crash sshd and could theoretically lead to the ability to execute arbitrary code.

*Credits: N/A

CVSS Scores

CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Complete

SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -

Timeline
  • 2006-09-21 CVE Reserved
  • 2006-09-27 CVE Published
  • 2016-09-12 First Exploit
  • 2024-08-07 CVE Updated
  • 2025-08-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-399: Resource Management Errors
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Openbsd Openssh 1.2 - Affected
Openbsd Openssh 1.2.1 - Affected
Openbsd Openssh 1.2.2 - Affected
Openbsd Openssh 1.2.3 - Affected
Openbsd Openssh 1.2.27 - Affected
Openbsd Openssh 2.1 - Affected
Openbsd Openssh 2.1.1 - Affected
Openbsd Openssh 2.2 - Affected
Openbsd Openssh 2.3 - Affected
Openbsd Openssh 2.5 - Affected
Openbsd Openssh 2.5.1 - Affected
Openbsd Openssh 2.5.2 - Affected
Openbsd Openssh 2.9 - Affected
Openbsd Openssh 2.9.9 - Affected
Openbsd Openssh 2.9.9p2 - Affected
Openbsd Openssh 2.9p1 - Affected
Openbsd Openssh 2.9p2 - Affected
Openbsd Openssh 3.0 - Affected
Openbsd Openssh 3.0.1 - Affected
Openbsd Openssh 3.0.1p1 - Affected
Openbsd Openssh 3.0.2 - Affected
Openbsd Openssh 3.0.2p1 - Affected
Openbsd Openssh 3.0p1 - Affected
Openbsd Openssh 3.1 - Affected
Openbsd Openssh 3.1p1 - Affected
Openbsd Openssh 3.2 - Affected
Openbsd Openssh 3.2.2 - Affected
Openbsd Openssh 3.2.2p1 - Affected
Openbsd Openssh 3.2.3p1 - Affected
Openbsd Openssh 3.3 - Affected
Openbsd Openssh 3.3p1 - Affected
Openbsd Openssh 3.4 - Affected
Openbsd Openssh 3.4p1 - Affected
Openbsd Openssh 3.5 - Affected
Openbsd Openssh 3.5p1 - Affected
Openbsd Openssh 3.6 - Affected
Openbsd Openssh 3.6.1 - Affected
Openbsd Openssh 3.6.1p1 - Affected
Openbsd Openssh 3.6.1p2 - Affected
Openbsd Openssh 3.7 - Affected
Openbsd Openssh 3.7.1 - Affected
Openbsd Openssh 3.7.1p1 - Affected
Openbsd Openssh 3.7.1p2 - Affected
Openbsd Openssh 3.8 - Affected
Openbsd Openssh 3.8.1 - Affected
Openbsd Openssh 3.8.1p1 - Affected
Openbsd Openssh 3.9 - Affected
Openbsd Openssh 3.9.1 - Affected
Openbsd Openssh 3.9.1p1 - Affected
Openbsd Openssh 4.0 - Affected
Openbsd Openssh 4.0p1 - Affected
Openbsd Openssh 4.1p1 - Affected
Openbsd Openssh 4.2 - Affected
Openbsd Openssh 4.2p1 - Affected
Openbsd Openssh 4.3 - Affected
Openbsd Openssh 4.3p1 - Affected