PT-2004-2965 · Openbsd+2 · Openssh+2
Published: 2004-12-31 · Updated: 2024-07-08 · CVE-2004-2069
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
OpenSSH versions 3.6.1p2 and 3.7.1p2
Description
The issue occurs in the sshd.c component of OpenSSH when privilege separation is in use. When a session is terminated after exceeding the LoginGraceTime setting, sshd does not properly signal the non-privileged process. This leaves the connection open, allowing remote attackers to cause a denial of service by consuming connections.
Recommendations
For OpenSSH versions 3.6.1p2 and 3.7.1p2, consider updating to a newer version that addresses this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Related Identifiers
Affected Products
Alt Linux
Openssh
Red Hat