Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2008-4109 (GCVE-0-2008-4109)
Vulnerability from cvelistv5 – Published: 2008-09-17 18:06 – Updated: 2024-08-07 10:00
VLAI?
EPSS
Summary
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2008-4109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T17:46:27.119928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T17:46:34.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-649-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-649-1"
},
{
"name": "openssh-signalhandler-dos(45202)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45202"
},
{
"name": "31885",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/31885"
},
{
"name": "1020891",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020891"
},
{
"name": "DSA-1638",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1638"
},
{
"name": "SUSE-SR:2008:020",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"
},
{
"name": "32080",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/32080"
},
{
"tags": [
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678"
},
{
"name": "32181",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/32181"
},
{
"name": "[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH\u0027s server, on glibc-based Linux systems",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T10:06:08.789Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-649-1",
"tags": [
"vendor-advisory"
],
"url": "http://www.ubuntu.com/usn/usn-649-1"
},
{
"name": "openssh-signalhandler-dos(45202)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45202"
},
{
"name": "31885",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/31885"
},
{
"name": "1020891",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id?1020891"
},
{
"name": "DSA-1638",
"tags": [
"vendor-advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1638"
},
{
"name": "SUSE-SR:2008:020",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"
},
{
"name": "32080",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/32080"
},
{
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678"
},
{
"name": "32181",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/32181"
},
{
"name": "[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH\u0027s server, on glibc-based Linux systems",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4109",
"datePublished": "2008-09-17T18:06:00.000Z",
"dateReserved": "2008-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:42.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.ubuntu.com/usn/usn-649-1\", \"name\": \"USN-649-1\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/45202\", \"name\": \"openssh-signalhandler-dos(45202)\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/31885\", \"name\": \"31885\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id?1020891\", \"name\": \"1020891\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"http://www.debian.org/security/2008/dsa-1638\", \"name\": \"DSA-1638\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html\", \"name\": \"SUSE-SR:2008:020\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/32080\", \"name\": \"32080\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://secunia.com/advisories/32181\", \"name\": \"32181\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/01/3\", \"name\": \"[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH\u0027s server, on glibc-based Linux systems\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-07T10:00:42.727Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2008-4109\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-24T17:46:27.119928Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-24T17:46:31.084Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2008-09-16T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.ubuntu.com/usn/usn-649-1\", \"name\": \"USN-649-1\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/45202\", \"name\": \"openssh-signalhandler-dos(45202)\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"http://secunia.com/advisories/31885\", \"name\": \"31885\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"http://www.securitytracker.com/id?1020891\", \"name\": \"1020891\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"http://www.debian.org/security/2008/dsa-1638\", \"name\": \"DSA-1638\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html\", \"name\": \"SUSE-SR:2008:020\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://secunia.com/advisories/32080\", \"name\": \"32080\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678\"}, {\"url\": \"http://secunia.com/advisories/32181\", \"name\": \"32181\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/01/3\", \"name\": \"[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH\u0027s server, on glibc-based Linux systems\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-07-01T10:06:08.789Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2008-4109\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-07T10:00:42.727Z\", \"dateReserved\": \"2008-09-16T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2008-09-17T18:06:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GHSA-6WRV-35H9-3PJ7
Vulnerability from github – Published: 2022-05-02 00:06 – Updated: 2024-07-01 15:31
VLAI?
Details
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
{
"affected": [],
"aliases": [
"CVE-2008-4109"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-09-18T15:04:00Z",
"severity": "MODERATE"
},
"details": "A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.",
"id": "GHSA-6wrv-35h9-3pj7",
"modified": "2024-07-01T15:31:59Z",
"published": "2022-05-02T00:06:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4109"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45202"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31885"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32080"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/32181"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2008/dsa-1638"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1020891"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-649-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
CERTFR-2024-AVI-0811
Vulnerability from certfr_avis - Published: 2024-09-25 - Updated: 2024-09-25
De multiples vulnérabilités ont été découvertes dans les produits Trend Micro. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que les versions 5.8.x à 6.5.x de Deep Discovery Inspector sont affectées par les vulnérabilités CVE-2024-46902 et CVE-2024-46903 mais ne bénéficieront pas de correctifs de sécurité. Deep Discovery Inspector et Deep Discovery Email Inspector sont affectés par la vulnérabilité CVE-2024-6387; il est nécessaire de contacter l'éditeur pour accéder aux correctifs.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Service Gateway | Service Gateway versions antérieures à 3.0.10 | ||
| Trend Micro | Deep Discovery Inspector | Deep Discovery Inspector versions 6.7.x antérieures à 6.7 Cp 1107 | ||
| Trend Micro | Deep Discovery Inspector | Deep Discovery Inspector versions 6.6.x antérieures à 6.6 Cp 1097 | ||
| Trend Micro | Trend Micro Web Gateway | Trend Micro Web Gateway versions antérieures à 3.9.5.5840 | ||
| Trend Micro | Deep Discovery Mail Inspector | Deep Discovery Email Inspector sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Service Gateway versions ant\u00e9rieures \u00e0 3.0.10",
"product": {
"name": "Service Gateway",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Discovery Inspector versions 6.7.x ant\u00e9rieures \u00e0 6.7 Cp 1107",
"product": {
"name": "Deep Discovery Inspector",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Discovery Inspector versions 6.6.x ant\u00e9rieures \u00e0 6.6 Cp 1097",
"product": {
"name": "Deep Discovery Inspector",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Trend Micro Web Gateway\t versions ant\u00e9rieures \u00e0 3.9.5.5840",
"product": {
"name": "Trend Micro Web Gateway",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
},
{
"description": "Deep Discovery Email Inspector sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Deep Discovery Mail Inspector",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur indique que les versions 5.8.x \u00e0 6.5.x de Deep Discovery Inspector sont affect\u00e9es par les vuln\u00e9rabilit\u00e9s CVE-2024-46902 et CVE-2024-46903 mais ne b\u00e9n\u00e9ficieront pas de correctifs de s\u00e9curit\u00e9. \nDeep Discovery Inspector et Deep Discovery Email Inspector sont affect\u00e9s par la vuln\u00e9rabilit\u00e9 CVE-2024-6387; il est n\u00e9cessaire de contacter l\u0027\u00e9diteur pour acc\u00e9der aux correctifs. ",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-46903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46903"
},
{
"name": "CVE-2024-46902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46902"
},
{
"name": "CVE-2006-5051",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5051"
},
{
"name": "CVE-2024-6387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
},
{
"name": "CVE-2008-4109",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4109"
}
],
"initial_release_date": "2024-09-25T00:00:00",
"last_revision_date": "2024-09-25T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0811",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Trend Micro. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Trend Micro",
"vendor_advisories": [
{
"published_at": "2024-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0017793",
"url": "https://success.trendmicro.com/en-US/solution/KA-0017793"
},
{
"published_at": "2024-09-05",
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0016976",
"url": "https://success.trendmicro.com/en-US/solution/KA-0016976"
}
]
}
CERTA-2008-AVI-466
Vulnerability from certfr_avis - Published: 2008-09-18 - Updated: 2008-10-16
Une vulnérabilité présente dans le serveur OpenSSH de la version stable (etch ou 4.0) de la distribution GNU/Linux Debian permet à un utilisateur distant de provoquer un déni de service.
Description
Une vulnérabilité est présente dans le serveur OpenSSH utilisé dans la distribution GNU/Linux Debian 4.0. Elle est relative à la façon dont sont gérés les délais maximaux d'attente autorisés lors de la phase de connexion d'un client. Cette faille permet à un utilisateur distant de provoquer un déni de service du serveur vulnérable.
Solution
Se référer au bulletin de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).
OpenSSH server version 4.3p2-9etch2 inclus dans Debian 4.0.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eOpenSSH server version 4.3p2-9etch2 inclus dans \u003cTT\u003eDebian 4.0\u003c/TT\u003e.\u003c/P\u003e",
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans le serveur OpenSSH utilis\u00e9 dans la\ndistribution GNU/Linux Debian 4.0. Elle est relative \u00e0 la fa\u00e7on dont\nsont g\u00e9r\u00e9s les d\u00e9lais maximaux d\u0027attente autoris\u00e9s lors de la phase de\nconnexion d\u0027un client. Cette faille permet \u00e0 un utilisateur distant de\nprovoquer un d\u00e9ni de service du serveur vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-4109",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4109"
}
],
"initial_release_date": "2008-09-18T00:00:00",
"last_revision_date": "2008-10-16T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-649-1 du 01 octobre 2008 :",
"url": "http://www.ubuntu.com/usn/usn-649-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SR:2008:020 du 07 octobre 2008 :",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg0004.html"
}
],
"reference": "CERTA-2008-AVI-466",
"revisions": [
{
"description": "version initiale ;",
"revision_date": "2008-09-18T00:00:00.000000"
},
{
"description": "ajout des bulletins de s\u00e9curit\u00e9 Ubuntu et SuSE.",
"revision_date": "2008-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans le serveur OpenSSH de la version stable\n(\u003cspan class=\"textit\"\u003eetch\u003c/span\u003e ou 4.0) de la distribution GNU/Linux\nDebian permet \u00e0 un utilisateur distant de provoquer un d\u00e9ni de service.\n",
"title": "Vuln\u00e9rabilit\u00e9 de OpenSSH pour Debian",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1638 du 16 septembre 2008",
"url": "http://www.debian.org/security/2008/dsa-1638"
}
]
}
GSD-2008-4109
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2008-4109",
"description": "A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.",
"id": "GSD-2008-4109",
"references": [
"https://www.suse.com/security/cve/CVE-2008-4109.html",
"https://www.debian.org/security/2008/dsa-1638"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2008-4109"
],
"details": "A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.",
"id": "GSD-2008-4109",
"modified": "2023-12-13T01:22:59.515460Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-649-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-649-1"
},
{
"name": "openssh-signalhandler-dos(45202)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45202"
},
{
"name": "31885",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31885"
},
{
"name": "1020891",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020891"
},
{
"name": "DSA-1638",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1638"
},
{
"name": "SUSE-SR:2008:020",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"
},
{
"name": "32080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32080"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678"
},
{
"name": "32181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32181"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:debian:linux:unknown:unknown:etch:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3p2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:debian:linux:unknown:unknown:sid:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4109"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678",
"refsource": "CONFIRM",
"tags": [],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678"
},
{
"name": "DSA-1638",
"refsource": "DEBIAN",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2008/dsa-1638"
},
{
"name": "31885",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/31885"
},
{
"name": "1020891",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id?1020891"
},
{
"name": "SUSE-SR:2008:020",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"
},
{
"name": "32181",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/32181"
},
{
"name": "32080",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/32080"
},
{
"name": "USN-649-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/usn-649-1"
},
{
"name": "openssh-signalhandler-dos(45202)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45202"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-08-08T01:32Z",
"publishedDate": "2008-09-18T15:04Z"
}
}
}
FKIE_CVE-2008-4109
Vulnerability from fkie_nvd - Published: 2008-09-18 15:04 - Updated: 2025-04-09 00:30
Severity ?
Summary
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:linux:unknown:unknown:etch:*:*:*:*:*",
"matchCriteriaId": "3CFF5E16-B757-4F51-9896-EA47AEBD5A91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B74B16-DE22-4206-891D-5EB3BC4F58C6",
"versionEndIncluding": "4.3p2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEB67BB-A442-46C2-8BC1-BBEB009AC532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "114134F3-BDFD-465D-8317-82F9D6EFA5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB55300-F90D-45D3-88BC-5ADCEC366264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EC5611-31B5-4253-B99A-E81C202768A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "43060323-1B51-45B4-BEB9-0E472896D8EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5441C616-D127-42D9-88AA-0FC9AA16EB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*",
"matchCriteriaId": "FE60A415-91E3-4819-A252-E86A32EC3018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E506-9D2B-4CAF-8455-B9BE7696E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CB94E-0479-4939-86F6-0B4BEDE2E739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F2EDC0-3189-4523-882B-9188C852F793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDEF5203-9D6B-4431-BF0D-C81B1E250AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2991C07-5486-4590-A74E-46A379DD3339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB9BE06-0A36-4853-ADF4-9C1A1854278A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC57F38-6545-497B-B6DA-FCAF51755988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C55B73-497D-4A22-9230-A4160BF97344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B235167-9554-4431-88C5-9472DD36FCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F48519C6-0C28-49A5-94C7-EF3AA88E2667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF67D77-02AC-4807-984D-C5AE9799F051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB416D0C-6C86-450F-8917-D4B1BD82AB1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:linux:unknown:unknown:sid:*:*:*:*:*",
"matchCriteriaId": "0E64AB89-A4A4-4FD8-A22A-B03D24650B4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A410C8F9-717C-4657-91DD-BAEAB53ECC16",
"versionEndIncluding": "4.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BEB67BB-A442-46C2-8BC1-BBEB009AC532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "114134F3-BDFD-465D-8317-82F9D6EFA5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB55300-F90D-45D3-88BC-5ADCEC366264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EC5611-31B5-4253-B99A-E81C202768A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "43060323-1B51-45B4-BEB9-0E472896D8EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5441C616-D127-42D9-88AA-0FC9AA16EB03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*",
"matchCriteriaId": "FE60A415-91E3-4819-A252-E86A32EC3018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EED5E506-9D2B-4CAF-8455-B9BE7696E49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CB94E-0479-4939-86F6-0B4BEDE2E739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78135400-BA1A-42AA-BE17-5588442BCF11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78F2EDC0-3189-4523-882B-9188C852F793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDEF5203-9D6B-4431-BF0D-C81B1E250AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2991C07-5486-4590-A74E-46A379DD3339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB9BE06-0A36-4853-ADF4-9C1A1854278A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC57F38-6545-497B-B6DA-FCAF51755988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "80C55B73-497D-4A22-9230-A4160BF97344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B235167-9554-4431-88C5-9472DD36FCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F48519C6-0C28-49A5-94C7-EF3AA88E2667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF67D77-02AC-4807-984D-C5AE9799F051",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB416D0C-6C86-450F-8917-D4B1BD82AB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "3640CCC9-EC4A-44A4-B747-7BAAAD3460C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DD362E-9EA9-4E88-9A94-D7B471EB1FD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3094069-AC2E-43BD-8094-D48E2526DECC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051."
},
{
"lang": "es",
"value": "Cierto parche de Debian para OpenSSH en versiones anteriores a 4.3p2-9etch3 en etch, y versiones anteriores a 4.6p1-1 en sid y lenny, que utiliza funciones que no son se\u00f1ales as\u00edncronas seguras (async-signal-safe) en el gestor de se\u00f1ales para los tiempos de autentificado, el cual permite a los atacantes remotos causar una denegaci\u00f3n de servicio (agotamiento de la ranura de conexi\u00f3n) a trav\u00e9s de m\u00faltiples intentos de autenticaci\u00f3n. NOTA: esto existe por una incorrecta soluci\u00f3n de CVE-2006-5051."
}
],
"id": "CVE-2008-4109",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-18T15:04:27.437",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31885"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32080"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32181"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2008/dsa-1638"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020891"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-649-1"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2008/dsa-1638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-649-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45202"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. The patch used to fix CVE-2006-5051 in Red Hat Enterprise Linux 2.1, 3, 4, and 5 was complete and does not suffer from this problem.",
"lastModified": "2017-08-07T21:32:25.653",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…