CVE-2006-4924
OpenSSH sshd SSH Protocol 1 CRC Denial of Service
Description
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
INFO
Published Date: Sept. 27, 2006, 1:07 a.m.
Last Modified: Nov. 21, 2024, 12:17 a.m.
Source: [email protected]
Remotely Exploitable: Yes
Impact Score: 6.9
Exploitability Score: 10.0
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2006-4924.
The following table lists the changes that have been made to the CVE-2006-4924 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- CVE Modified by af854a3a-2127-422b-91ae-364da2661108, Nov. 21, 2024
  Added Reference: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc
  Added Reference: ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt
  Added Reference: ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
  Added Reference: http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability
  Added Reference: http://bugs.gentoo.org/show_bug.cgi?id=148228
  Added Reference: http://docs.info.apple.com/article.html?artnum=305214
  Added Reference: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
  Added Reference: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
  Added Reference: http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
  Added Reference: http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
  Added Reference: http://secunia.com/advisories/21923
  Added Reference: http://secunia.com/advisories/22091
  Added Reference: http://secunia.com/advisories/22116
  Added Reference: http://secunia.com/advisories/22158
  Added Reference: http://secunia.com/advisories/22164
  Added Reference: http://secunia.com/advisories/22183
  Added Reference: http://secunia.com/advisories/22196
  Added Reference: http://secunia.com/advisories/22208
  Added Reference: http://secunia.com/advisories/22236
  Added Reference: http://secunia.com/advisories/22245
  Added Reference: http://secunia.com/advisories/22270
  Added Reference: http://secunia.com/advisories/22298
  Added Reference: http://secunia.com/advisories/22352
  Added Reference: http://secunia.com/advisories/22362
  Added Reference: http://secunia.com/advisories/22487
  Added Reference: http://secunia.com/advisories/22495
  Added Reference: http://secunia.com/advisories/22823
  Added Reference: http://secunia.com/advisories/22926
  Added Reference: http://secunia.com/advisories/23038
  Added Reference: http://secunia.com/advisories/23241
  Added Reference: http://secunia.com/advisories/23340
  Added Reference: http://secunia.com/advisories/23680
  Added Reference: http://secunia.com/advisories/24479
  Added Reference: http://secunia.com/advisories/24799
  Added Reference: http://secunia.com/advisories/24805
  Added Reference: http://secunia.com/advisories/25608
  Added Reference: http://secunia.com/advisories/29371
  Added Reference: http://secunia.com/advisories/34274
  Added Reference: http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc
  Added Reference: http://security.gentoo.org/glsa/glsa-200609-17.xml
  Added Reference: http://security.gentoo.org/glsa/glsa-200611-06.xml
  Added Reference: http://securitytracker.com/id?1016931
  Added Reference: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566
  Added Reference: http://sourceforge.net/forum/forum.php?forum_id=681763
  Added Reference: http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
  Added Reference: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1
  Added Reference: http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm
  Added Reference: http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm
  Added Reference: http://www.debian.org/security/2006/dsa-1189
  Added Reference: http://www.debian.org/security/2006/dsa-1212
  Added Reference: http://www.kb.cert.org/vuls/id/787448
  Added Reference: http://www.mandriva.com/security/advisories?name=MDKSA-2006:179
  Added Reference: http://www.novell.com/linux/security/advisories/2006_24_sr.html
  Added Reference: http://www.novell.com/linux/security/advisories/2006_62_openssh.html
  Added Reference: http://www.openbsd.org/errata.html#ssh
  Added Reference: http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html
  Added Reference: http://www.osvdb.org/29152
  Added Reference: http://www.redhat.com/support/errata/RHSA-2006-0697.html
  Added Reference: http://www.redhat.com/support/errata/RHSA-2006-0698.html
  Added Reference: http://www.securityfocus.com/archive/1/447153/100/0/threaded
  Added Reference: http://www.securityfocus.com/bid/20216
  Added Reference: http://www.trustix.org/errata/2006/0054
  Added Reference: http://www.ubuntu.com/usn/usn-355-1
  Added Reference: http://www.us-cert.gov/cas/techalerts/TA07-072A.html
  Added Reference: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
  Added Reference: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
  Added Reference: http://www.vupen.com/english/advisories/2006/3777
  Added Reference: http://www.vupen.com/english/advisories/2006/4401
  Added Reference: http://www.vupen.com/english/advisories/2006/4869
  Added Reference: http://www.vupen.com/english/advisories/2007/0930
  Added Reference: http://www.vupen.com/english/advisories/2007/1332
  Added Reference: http://www.vupen.com/english/advisories/2007/2119
  Added Reference: http://www.vupen.com/english/advisories/2009/0740
  Added Reference: http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html
  Added Reference: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955
  Added Reference: https://exchange.xforce.ibmcloud.com/vulnerabilities/29158
  Added Reference: https://hypersonic.bluecoat.com/support/securityadvisories/ssh_server_on_sg
  Added Reference: https://issues.rpath.com/browse/RPL-661
  Added Reference: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462
  Added Reference: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193
- CVE Modified by [email protected], May. 14, 2024
- CVE Modified by [email protected], Oct. 17, 2018
  Removed Reference: http://www.securityfocus.com/archive/1/archive/1/447153/100/0/threaded [No Types Assigned]
  Added Reference: http://www.securityfocus.com/archive/1/447153/100/0/threaded [No Types Assigned]
- CVE Modified by [email protected], Oct. 11, 2017
  Removed Reference: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1193 [Tool Signature, US Government Resource]
  Removed Reference: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10462 [No Types Assigned]
  Added Reference: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193 [No Types Assigned]
  Added Reference: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462 [No Types Assigned]
- CVE Modified by [email protected], Jul. 20, 2017
  Removed Reference: http://xforce.iss.net/xforce/xfdb/29158 [No Types Assigned]
  Added Reference: https://exchange.xforce.ibmcloud.com/vulnerabilities/29158 [No Types Assigned]
- CVE Translated by [email protected], Oct. 20, 2016
  Removed Translation: sshd en OpenSSH versiones anteriores a 4.4, al usar la versión 1 del protocolo SSH, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante un paquete SSH que contiene bloques duplicados, que no es gestionado apropiadamente por el detector de ataques de compensación CRC.
  Added Translation: sshd en OpenSSH en versiones anteriores a 4.4, cuando se utiliza la versión 1 del protocolo SSH, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de un paquete SSH que contiene bloques duplicados, los cuales no se manejan correctamente por el detector de ataque de compensación CRC.
- CVE Modified by [email protected], Oct. 18, 2016
  Removed Reference: http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=115939141729160&w=2
  Added Reference: http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
- Initial Analysis by [email protected], Sep. 27, 2006
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2006-4924 is associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2006-4924 weaknesses.
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
44.42 -0.83% score
0.97300 percentile