CVE-2008-0132

Name of the Vulnerable Software and Affected Versions Pragma FortressSSH versions 5.0 Build 4 Revision 293 and earlier

Description The issue allows remote attackers to cause a denial of service, specifically connection slot exhaustion, by flooding the system with SSH connections containing long data objects. This can be achieved through various means, such as providing a long list of keys or using a long username.

Recommendations For Pragma FortressSSH versions 5.0 Build 4 Revision 293 and earlier, consider implementing rate limiting on incoming SSH connections to mitigate the risk of connection slot exhaustion. Additionally, as a temporary workaround, restrict the maximum allowed length for usernames and keys to prevent abuse. At the moment, there is no information about a newer version that contains a fix for this vulnerability.