On Sat, 30 Sep 2006, FreeBSD Security Advisories wrote:
> III. Impact
>
> An attacker sending specially crafted packets to sshd(8) can cause a
> Denial of Service by using 100% of CPU time until a connection timeout
> occurs.  Since this attack can be performed over multiple connections
> simultaneously, it is possible to cause up to MaxStartups (10 by default)
> sshd processes to use all the CPU time they can obtain.  [CVE-2006-4924]
>
> The OpenSSH project believe that the race condition can lead to a Denial
> of Service or potentially remote code execution, but the FreeBSD Security
> Team has been unable to verify the exact impact.  [CVE-2006-5051]
>
> IV.  Workaround
>
> The attack against the CRC compensation attack detector can be avoided
> by disabling SSH Protocol version 1 support in sshd_config(5).
>
> There is no workaround for the second issue.

Doesn't TCP wrappers restriction mitigate or work around this issue or is
it done too late?

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings