Re: [FreeBSD-Announce] FreeBSD Security Advisory

On Sat, 30 Sep 2006, FreeBSD Security Advisories wrote:
> III. Impact
>
> An attacker sending specially crafted packets to sshd(8) can cause a
> Denial of Service by using 100% of CPU time until a connection timeout
> occurs.  Since this attack can be performed over multiple connections
> simultaneously, it is possible to cause up to MaxStartups (10 by default)
> sshd processes to use all the CPU time they can obtain.  [CVE-2006-4924]
>
> The OpenSSH project believe that the race condition can lead to a Denial
> of Service or potentially remote code execution, but the FreeBSD Security
> Team has been unable to verify the exact impact.  [CVE-2006-5051]
>
> IV.  Workaround
>
> The attack against the CRC compensation attack detector can be avoided
> by disabling SSH Protocol version 1 support in sshd_config(5).
>
> There is no workaround for the second issue.

Doesn't TCP wrappers restriction mitigate or work around this issue or 
is it done too late ?

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"