QwikSec

Security Database

CVE

CWE

Training

CVE-2008-4109

Published: Sep 17, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

openssh-signalhandler-dos(45202)

vdb-entry

third-party-advisory

vdb-entry

vendor-advisory

SUSE-SR:2008:020

vendor-advisory

third-party-advisory

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678

third-party-advisory

[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.