Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))

Information

Severity: Critical

Family: Debian Local Security Checks

CVSSv2 Base: 9.3

CVSSv2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Solution Type: Vendor Patch

Created: 16 years ago

Modified: 6 years ago

Summary

The remote host is missing an update to openssh (1:3.8.1p1-8.sarge.6) announced via advisory DSA 1212-1.

Two denial of service vulnerabilities have been found in the OpenSSH server.

CVE-2006-4924: The sshd support for ssh protocol version 1 does not properly handle duplicate incoming blocks. This could allow a remote attacker to cause sshd to consume significant CPU resources, leading to a denial of service.

CVE-2006-5051: A signal handler race condition could potentially allow a remote attacker to crash sshd and could theoretically lead to the ability to execute arbitrary code.

Solution

For the stable distribution (sarge), these problems have been fixed in version 1:3.8.1p1-8.sarge.6.

For the unstable and testing distributions, these problems have been fixed in version 1:4.3p2-4.

We recommend that you upgrade your openssh package.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201212-1

Common Vulnerabilities and Exposures (CVE)