exploits , vulnerabilities , articles , OpenSSH Duplicated Block Remote Denial of Service Vulnerability

Title	OpenSSH Duplicated Block Remote Denial of Service Vulnerability
Published	2006-09-26-12:00AM
Updated	2009-03-17-03:46PM
Class	Design Error
CVE	CVE-2006-4924
Remote	Yes
Local	No
Credit	Tavis Ormandy of the Google Security Team reported this issue to the vendor.
Vulnerable	Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 x86 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Desktop 10.0 Turbolinux Turbolinux FUJI Turbolinux Turbolinux 10 F... TurboLinux Personal TurboLinux Multimedia Turbolinux Home Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Turbolinux Appliance Server 2.0 TransSoft Broker FTP Server 8.0 TransSoft Broker FTP Server 7.0 Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 10_x86 Sun Solaris 10.0_x86 Sun Solaris 10.0 Sun Solaris 10 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 10.0 Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux current SGI ProPack 3.0 SP6 SCO Unixware 7.1.4 SCO Unixware 7.1.3 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SuSE Linux OpenXchange 4.1 S.u.S.E. SUSE Linux Enterprise Server 10 S.u.S.E. SUSE Linux Enterprise Desktop 10 S.u.S.E. OpenEnterpriseServer 9.0 S.u.S.E. OpenEnterpriseServer 1 S.u.S.E. OpenEnterpriseServer 0 S.u.S.E. Office Server S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Novell Linux Desktop 1.0 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Openexchange Server S.u.S.E. Linux Office Server S.u.S.E. Linux Enterprise Server SDK 9 S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Enterprise Server 10 S.u.S.E. Linux Enterprise SDK 10 S.u.S.E. Linux Desktop 1.0 S.u.S.E. Linux Desktop 10 S.u.S.E. Linux Database Server 0 S.u.S.E. Linux Connectivity Server rPath rPath Linux 1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux AS 2.1 RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 OpenSSH OpenSSH 4.3p2 OpenSSH OpenSSH 4.3p1 OpenPKG OpenPKG 2.5 OpenPKG OpenPKG 2.4 OpenPKG OpenPKG 2.3 OpenPKG OpenPKG 2.2 OpenPKG OpenPKG 2.1 OpenPKG OpenPKG 2.0 OpenPKG OpenPKG Current OpenBSD OpenSSH 3.8.1 p1 OpenBSD OpenSSH 3.0.2 p1 OpenBSD OpenSSH 3.0.2 OpenBSD OpenSSH 3.0.2 OpenBSD OpenSSH 3.0.1 p1 Trustix Secure Linux 1.5 Trustix Secure Linux 1.2 Trustix Secure Linux 1.1 OpenBSD OpenSSH 3.0.1 FreeBSD FreeBSD 4.4 FreeBSD FreeBSD 4.3 OpenBSD OpenBSD 2.9 OpenBSD OpenBSD 2.8 OpenBSD OpenBSD 2.7 OpenBSD OpenBSD 2.6 OpenBSD OpenSSH 3.0 p1 OpenBSD OpenSSH 3.0 OpenBSD OpenSSH 2.9 p2 OpenBSD OpenSSH 2.9 p1 OpenBSD OpenSSH 2.9 OpenBSD OpenSSH 2.5.2 p2 OpenBSD OpenSSH 2.5.2 OpenBSD OpenSSH 2.3.1 p1 OpenBSD OpenSSH 2.3.1 OpenBSD OpenSSH 2.2 .x OpenBSD OpenSSH 2.2 .0 OpenBSD OpenSSH 2.1.1 p1 OpenBSD OpenSSH 2.1.1 OpenBSD OpenSSH 2.1 .x OpenBSD OpenSSH 2.1 OpenBSD OpenSSH 1.2.3 OpenBSD OpenSSH 1.2 OpenBSD OpenSSH 1.0 .x OpenBSD OpenSSH 4.3p1 OpenBSD OpenSSH 4.3 OpenBSD OpenSSH 4.2p1 OpenBSD OpenSSH 4.2 OpenBSD OpenSSH 4.1 OpenBSD OpenSSH 4.0 OpenBSD OpenSSH 3.9 p1 OpenBSD OpenBSD 3.9 OpenBSD OpenBSD 3.8 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2006.0 x86_64 MandrakeSoft Linux Mandrake 2006.0 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 IBM Hardware Management Console (HMC) for pSeries 5.0 R1.0 IBM Hardware Management Console (HMC) for pSeries 4.0 R5.0 IBM Hardware Management Console (HMC) for pSeries 4.0 R4.0 IBM Hardware Management Console (HMC) for pSeries 4.0 R3.3 IBM Hardware Management Console (HMC) for pSeries 4.0 R3.2 IBM Hardware Management Console (HMC) for pSeries 4.0 R3.1 IBM Hardware Management Console (HMC) for pSeries 4.0 R2.1 IBM Hardware Management Console (HMC) for pSeries 4.0 R2.0 IBM Hardware Management Console (HMC) for pSeries 3.3.7 IBM Hardware Management Console (HMC) for pSeries 3.3.2 IBM Hardware Management Console (HMC) for pSeries 3.0 R3.6 IBM Hardware Management Console (HMC) for pSeries 4 IBM Hardware Management Console (HMC) for pSeries 3 IBM Hardware Management Console (HMC) for iSeries 5.0 R1.0 IBM Hardware Management Console (HMC) for iSeries 4.0 R5.0 IBM Hardware Management Console (HMC) for iSeries 4.0 R4.0 IBM Hardware Management Console (HMC) for iSeries 4.0 R3.3 IBM Hardware Management Console (HMC) for iSeries 4.0 R3.2 IBM Hardware Management Console (HMC) for iSeries 4.0 R3.1 IBM Hardware Management Console (HMC) for iSeries 4.0 R2.1 IBM Hardware Management Console (HMC) for iSeries 4.0 R2.0 IBM Hardware Management Console (HMC) for iSeries 4.0 IBM Hardware Management Console (HMC) for iSeries 3.3.7 IBM Hardware Management Console (HMC) for iSeries 3.3.2 IBM Hardware Management Console (HMC) for iSeries 3.0 R3.6 IBM Hardware Management Console (HMC) 5.2.1 IBM Hardware Management Console (HMC) 3.3.7 IBM AIX 5.3 L IBM AIX 5.2.2 IBM AIX 5.2 L IBM AIX 5.3 IBM AIX 5.2 HP HPUX B.11.23 HP HPUX B.11.11 Globus GSIOpenSSH 3.8 Globus GSIOpenSSH 3.7 Globus Globus Toolkit 4.1.1 Globus Globus Toolkit 4.1 Globus Globus Toolkit 4.0.3 Globus Globus Toolkit 4.0.2 Globus Globus Toolkit 4.0.1 Gentoo netmisc/openssh 4.3 Gentoo netmisc/openssh 4.2 Gentoo Linux FreeBSD FreeBSD 6.0 STABLE FreeBSD FreeBSD 6.0 RELEASE FreeBSD FreeBSD 5.5 STABLE FreeBSD FreeBSD 5.5 RELEASE FreeBSD FreeBSD 5.4 RELENG FreeBSD FreeBSD 5.4 RELEASE FreeBSD FreeBSD 5.4 PRERELEASE FreeBSD FreeBSD 5.3 STABLE FreeBSD FreeBSD 5.3 RELENG FreeBSD FreeBSD 5.3 RELEASE FreeBSD FreeBSD 5.3 FreeBSD FreeBSD 5.2.1 RELEASE FreeBSD FreeBSD 5.2 RELENG FreeBSD FreeBSD 5.2 RELEASE FreeBSD FreeBSD 5.2 FreeBSD FreeBSD 5.1 RELENG FreeBSD FreeBSD 5.1 RELEASE/Alpha FreeBSD FreeBSD 5.1 RELEASEp5 FreeBSD FreeBSD 5.1 RELEASE FreeBSD FreeBSD 5.1 FreeBSD FreeBSD 5.0 RELENG FreeBSD FreeBSD 5.0 RELEASEp14 FreeBSD FreeBSD 5.0 alpha FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 4.11 STABLE FreeBSD FreeBSD 4.11 RELENG FreeBSD FreeBSD 4.11 RELEASEp3 FreeBSD FreeBSD 4.11 RELEASEp20 FreeBSD FreeBSD 4.11 RELEASE FreeBSD FreeBSD 4.10 RELENG FreeBSD FreeBSD 4.10 RELEASEp8 FreeBSD FreeBSD 4.10 RELEASE FreeBSD FreeBSD 4.10 FreeBSD FreeBSD 4.9 RELENG FreeBSD FreeBSD 4.9 PRERELEASE FreeBSD FreeBSD 4.9 FreeBSD FreeBSD 4.8 RELENG FreeBSD FreeBSD 4.8 RELEASEp7 FreeBSD FreeBSD 4.8 PRERELEASE FreeBSD FreeBSD 4.8 FreeBSD FreeBSD 4.7 STABLE FreeBSD FreeBSD 4.7 RELENG FreeBSD FreeBSD 4.7 RELEASEp17 FreeBSD FreeBSD 4.7 RELEASE FreeBSD FreeBSD 4.7 FreeBSD FreeBSD 4.6.2 FreeBSD FreeBSD 4.6 STABLE FreeBSD FreeBSD 4.6 RELENG FreeBSD FreeBSD 4.6 RELEASEp20 FreeBSD FreeBSD 4.6 RELEASE FreeBSD FreeBSD 4.6 FreeBSD FreeBSD 4.5 STABLEpre20020307 FreeBSD FreeBSD 4.5 STABLE FreeBSD FreeBSD 4.5 RELENG FreeBSD FreeBSD 4.5 RELEASEp32 FreeBSD FreeBSD 4.5 RELEASE FreeBSD FreeBSD 4.5 FreeBSD FreeBSD 4.4 STABLE FreeBSD FreeBSD 4.4 RELENG FreeBSD FreeBSD 4.4 RELENG FreeBSD FreeBSD 4.4 RELEASEp42 FreeBSD FreeBSD 4.4 FreeBSD FreeBSD 4.3 STABLE FreeBSD FreeBSD 4.3 RELENG FreeBSD FreeBSD 4.3 RELEASEp38 FreeBSD FreeBSD 4.3 RELEASE FreeBSD FreeBSD 4.3 FreeBSD FreeBSD 4.2 STABLEpre122300 FreeBSD FreeBSD 4.2 STABLEpre050201 FreeBSD FreeBSD 4.2 STABLE FreeBSD FreeBSD 4.2 RELEASE FreeBSD FreeBSD 4.2 FreeBSD FreeBSD 4.1.1 STABLE FreeBSD FreeBSD 4.1.1 RELEASE FreeBSD FreeBSD 4.1.1 FreeBSD FreeBSD 4.1 FreeBSD FreeBSD 4.0 .x FreeBSD FreeBSD 4.0 RELENG FreeBSD FreeBSD 4.0 alpha FreeBSD FreeBSD 4.0 FreeBSD FreeBSD 3.5.1 STABLEpre20010720 FreeBSD FreeBSD 3.5.1 STABLE FreeBSD FreeBSD 3.5.1 RELEASE FreeBSD FreeBSD 3.5.1 FreeBSD FreeBSD 3.5 x FreeBSD FreeBSD 3.5 STABLEpre122300 FreeBSD FreeBSD 3.5 STABLEpre050201 FreeBSD FreeBSD 3.5 STABLE FreeBSD FreeBSD 3.5 FreeBSD FreeBSD 3.4 x FreeBSD FreeBSD 3.4 FreeBSD FreeBSD 3.3 x FreeBSD FreeBSD 3.3 FreeBSD FreeBSD 3.2 x FreeBSD FreeBSD 3.2 FreeBSD FreeBSD 3.1 x FreeBSD FreeBSD 3.1 FreeBSD FreeBSD 3.0 RELENG FreeBSD FreeBSD 3.0 FreeBSD FreeBSD 2.2.8 FreeBSD FreeBSD 2.2.6 FreeBSD FreeBSD 2.2.5 FreeBSD FreeBSD 2.2.4 FreeBSD FreeBSD 2.2.3 FreeBSD FreeBSD 2.2.2 FreeBSD FreeBSD 2.2 x FreeBSD FreeBSD 2.2 FreeBSD FreeBSD 2.1.7 .1 FreeBSD FreeBSD 2.1.6 .1 FreeBSD FreeBSD 2.1.6 FreeBSD FreeBSD 2.1.5 FreeBSD FreeBSD 2.1 x FreeBSD FreeBSD 2.1 FreeBSD FreeBSD 2.0.5 FreeBSD FreeBSD 2.0 FreeBSD FreeBSD 1.1.5 .1 FreeBSD FreeBSD 6.1 STABLE FreeBSD FreeBSD 6.1 RELEASE FreeBSD FreeBSD 5.4STABLE FreeBSD FreeBSD 4.10PRERELEASE FreeBSD FreeBSD 3.x FreeBSD FreeBSD 2.x Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia64 Debian Linux 3.1 ia32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Blue Coat Systems ProxySG 5.2.4 3 Blue Coat Systems ProxySG 5.2.2 .5 Blue Coat Systems ProxySG 4.2.8 7 Blue Coat Systems ProxySG 4.2.6 .1 Blue Coat Systems ProxySG 4.2.1 .6 Blue Coat Systems ProxySG 5.2 Blue Coat Systems ProxySG 4.3 Blue Coat Systems ProxySG 4.2 Avaya Predictive Dialing System (PDS) 11.0 Avaya Predictive Dialing System (PDS) 11.11 Avaya Predictive Dialer 0 Avaya Messaging Storage Server MM3.0 Avaya Messaging Storage Server 2.0 Avaya Messaging Storage Server 1.0 Avaya Messaging Storage Server Avaya Message Networking Avaya Intuity LX Avaya Integrated Management 2.1 Avaya Integrated Management Avaya CVLAN Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9
Not Vulnerable	OpenBSD OpenSSH 4.4 Globus GSI-OpenSSH 3.9 Globus Globus Toolkit 4.0.4 Blue Coat Systems ProxySG 5.2.6 Blue Coat Systems ProxySG 4.3.3 Blue Coat Systems ProxySG 4.2.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X 10.4.9
Code	To exploit this issue, attackers likely use a modified OpenSSH client or perhaps readily available network utilities that replay packets.The following proof-of-concept exploit is available: /data/vulnerabilities/exploits/20216.sh
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-11-06 Google Chrome prior to 3.0.195.32 Multiple Security Vulnerabilities
• 2009-11-05 Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability
• 2009-11-05 Pablo Software Solutions Baby Web Server Multiple Request Remote Denial of Service Vulnerability
• 2009-11-05 Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability
• 2009-11-05 Prototype JavaScript Framework Cross-Site Ajax Request Vulnerability
• 2009-11-05 Drupal Organic Groups Vocabulary Group Title HTML Injection Vulnerability
• 2009-11-05 IBM PowerHA Cluster Management Unauthorized Access Vulnerability
• 2009-11-05 HP Power Manager Unspecified Remote Code Execution Vulnerability
• 2009-11-05 Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
• 2009-11-04 Roundcube Webmail index.PHP Cross-Site Scripting Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Sun, 08 Nov 2009 20:24:15 +0000