CVE-2006-4924

OpenSSH 4.3 p1 - Duplicated Block Remote Denial of Service

Severity Score: 7.8 (CVSS v2)
Public Exploits: 2 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2006-09-21 CVE Reserved
  • 2006-09-27 CVE Published
  • 2006-09-27 First Exploit
  • 2024-08-07 CVE Updated
  • 2024-08-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-399: Resource Management Errors
CAPEC
References (82)
URL Tag Source
http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability X_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=148228 X_refsource_confirm
http://docs.info.apple.com/article.html?artnum=305214 X_refsource_confirm
http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 Mailing List
http://secunia.com/advisories/23680 Third Party Advisory
http://secunia.com/advisories/24479 Third Party Advisory
http://secunia.com/advisories/24799 Third Party Advisory
http://secunia.com/advisories/24805 Third Party Advisory
http://secunia.com/advisories/25608 Third Party Advisory
http://secunia.com/advisories/29371 Third Party Advisory
http://secunia.com/advisories/34274 Third Party Advisory
http://securitytracker.com/id?1016931 Vdb Entry
http://sourceforge.net/forum/forum.php?forum_id=681763 X_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227 X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm X_refsource_confirm
http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html Mailing List
http://www.kb.cert.org/vuls/id/787448 Third Party Advisory
http://www.osvdb.org/29152 Vdb Entry
http://www.securityfocus.com/archive/1/447153/100/0/threaded Mailing List
http://www.us-cert.gov/cas/techalerts/TA07-072A.html Third Party Advisory
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html X_refsource_confirm
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html X_refsource_confirm
http://www.vupen.com/english/advisories/2006/3777 Vdb Entry
http://www.vupen.com/english/advisories/2006/4401 Vdb Entry
http://www.vupen.com/english/advisories/2006/4869 Vdb Entry
http://www.vupen.com/english/advisories/2007/0930 Vdb Entry
http://www.vupen.com/english/advisories/2007/1332 Vdb Entry
http://www.vupen.com/english/advisories/2007/2119 Vdb Entry
http://www.vupen.com/english/advisories/2009/0740 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/29158 Vdb Entry
https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg X_refsource_confirm
https://issues.rpath.com/browse/RPL-661 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193 Signature
URL Date SRC
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc 2018-10-17
ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt 2018-10-17
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc 2018-10-17
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112 2018-10-17
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html 2018-10-17
http://secunia.com/advisories/21923 2018-10-17
http://secunia.com/advisories/22091 2018-10-17
http://secunia.com/advisories/22116 2018-10-17
http://secunia.com/advisories/22158 2018-10-17
http://secunia.com/advisories/22164 2018-10-17
http://secunia.com/advisories/22183 2018-10-17
http://secunia.com/advisories/22196 2018-10-17
http://secunia.com/advisories/22208 2018-10-17
http://secunia.com/advisories/22236 2018-10-17
http://secunia.com/advisories/22245 2018-10-17
http://secunia.com/advisories/22270 2018-10-17
http://secunia.com/advisories/22298 2018-10-17
http://secunia.com/advisories/22352 2018-10-17
http://secunia.com/advisories/22362 2018-10-17
http://secunia.com/advisories/22487 2018-10-17
http://secunia.com/advisories/22495 2018-10-17
http://secunia.com/advisories/22823 2018-10-17
http://secunia.com/advisories/22926 2018-10-17
http://secunia.com/advisories/23038 2018-10-17
http://secunia.com/advisories/23241 2018-10-17
http://secunia.com/advisories/23340 2018-10-17
http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc 2018-10-17
http://security.gentoo.org/glsa/glsa-200609-17.xml 2018-10-17
http://security.gentoo.org/glsa/glsa-200611-06.xml 2018-10-17
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566 2018-10-17
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1 2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:179 2018-10-17
http://www.novell.com/linux/security/advisories/2006_24_sr.html 2018-10-17
http://www.novell.com/linux/security/advisories/2006_62_openssh.html 2018-10-17
http://www.openbsd.org/errata.html#ssh 2018-10-17
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html 2018-10-17
http://www.redhat.com/support/errata/RHSA-2006-0697.html 2018-10-17
http://www.redhat.com/support/errata/RHSA-2006-0698.html 2018-10-17
http://www.trustix.org/errata/2006/0054 2018-10-17
http://www.ubuntu.com/usn/usn-355-1 2018-10-17
https://access.redhat.com/security/cve/CVE-2006-4924 2006-09-29
https://bugzilla.redhat.com/show_bug.cgi?id=207957 2006-09-29
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Openbsd Openssh 1.2 - Affected
Openbsd Openssh 1.2.1 - Affected
Openbsd Openssh 1.2.2 - Affected
Openbsd Openssh 1.2.3 - Affected
Openbsd Openssh 1.2.27 - Affected
Openbsd Openssh 2.1 - Affected
Openbsd Openssh 2.1.1 - Affected
Openbsd Openssh 2.2 - Affected
Openbsd Openssh 2.3 - Affected
Openbsd Openssh 2.5 - Affected
Openbsd Openssh 2.5.1 - Affected
Openbsd Openssh 2.5.2 - Affected
Openbsd Openssh 2.9 - Affected
Openbsd Openssh 2.9.9 - Affected
Openbsd Openssh 2.9.9p2 - Affected
Openbsd Openssh 2.9p1 - Affected
Openbsd Openssh 2.9p2 - Affected
Openbsd Openssh 3.0 - Affected
Openbsd Openssh 3.0.1 - Affected
Openbsd Openssh 3.0.1p1 - Affected
Openbsd Openssh 3.0.2 - Affected
Openbsd Openssh 3.0.2p1 - Affected
Openbsd Openssh 3.0p1 - Affected
Openbsd Openssh 3.1 - Affected
Openbsd Openssh 3.1p1 - Affected
Openbsd Openssh 3.2 - Affected
Openbsd Openssh 3.2.2 - Affected
Openbsd Openssh 3.2.2p1 - Affected
Openbsd Openssh 3.2.3p1 - Affected
Openbsd Openssh 3.3 - Affected
Openbsd Openssh 3.3p1 - Affected
Openbsd Openssh 3.4 - Affected
Openbsd Openssh 3.4p1 - Affected
Openbsd Openssh 3.5 - Affected
Openbsd Openssh 3.5p1 - Affected
Openbsd Openssh 3.6 - Affected
Openbsd Openssh 3.6.1 - Affected
Openbsd Openssh 3.6.1p1 - Affected
Openbsd Openssh 3.6.1p2 - Affected
Openbsd Openssh 3.7 - Affected
Openbsd Openssh 3.7.1 - Affected
Openbsd Openssh 3.7.1p1 - Affected
Openbsd Openssh 3.7.1p2 - Affected
Openbsd Openssh 3.8 - Affected
Openbsd Openssh 3.8.1 - Affected
Openbsd Openssh 3.8.1p1 - Affected
Openbsd Openssh 3.9 - Affected
Openbsd Openssh 3.9.1 - Affected
Openbsd Openssh 3.9.1p1 - Affected
Openbsd Openssh 4.0 - Affected
Openbsd Openssh 4.0p1 - Affected
Openbsd Openssh 4.1p1 - Affected
Openbsd Openssh 4.2 - Affected
Openbsd Openssh 4.2p1 - Affected
Openbsd Openssh 4.3 - Affected
Openbsd Openssh 4.3p1 - Affected