PT-2006-1032 · Openssh+4 · Openssh+8

Tavis Ormandy · Published 2006-09-27 · Updated 2025-04-09 · CVE-2006-4924

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
OpenSSH versions prior to 4.4
OpenSSH version 3.1p1
openssh-askpass versions prior to 4.3 p2-r5
openssh-askpass-gnome version 3.1p1
openssh-clients version 3.1p1
openssh-server version 3.1p1

Description: The issue concerns multiple vulnerabilities in the OpenSSH package that can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The problem affects various versions of OpenSSH, including those used in the openSUSE and Red Hat Enterprise Linux operating systems. In one specific case, OpenSSH before version 4.4, when using SSH protocol version 1, allows remote attackers to cause a denial of service via an SSH packet containing duplicate blocks that are not properly handled by the CRC compensation attack detector.

Recommendations: For OpenSSH versions prior to 4.4, update to version 4.4 or later. For OpenSSH version 3.1p1, consider upgrading to a newer version or applying available patches. For openssh-askpass versions prior to 4.3 p2-r5, update to version 4.3 p2-r5 or later. For openssh-askpass-gnome version 3.1p1, openssh-clients version 3.1p1, and openssh-server version 3.1p1, consider upgrading to newer versions or applying available patches. As a temporary workaround, consider restricting access to the vulnerable OpenSSH components until a patch is available.

Exploit

Fix

DoS

Double Free

Weakness Enumeration

Related Identifiers

ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2015-04932
BDU:2015-06465
BDU:2015-06467
BDU:2015-06469
BDU:2015-06471
BDU:2015-06473
BDU:2015-09536
CVE-2006-4924
DSA-1189-1
DSA-1212
HPSBUX02178
RHSA-2006:0697
RHSA-2006:0698
RHSA-2006_0697

Affected Products

ALT Linux
HP-UX
OpenSSH
Red Hat
openSUSE
openssh-askpass
openssh-askpass-gnome
openssh-clients
openssh-server