PT-2013-1004 · Check Point+7 · Check Point Gaia+7

Jan Lieskovsky · Published 2013-02-06 · Updated 2026-05-29 · CVE-2010-5107

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

OpenSSH versions prior to 6.6 p1-r1
OpenSSH through 6.1
VMware vCenter Server (affected versions not specified)
Check Point GAiA (affected versions not specified)

Description

The issue is related to a mechanism in OpenSSH that can cause a denial of service while the authentication procedure is being performed, especially if the LoginGraceTime and MaxStartups values differ from their default settings. By increasing the number of requests to the service, a remote attacker can prevent other users from logging in. The default configuration of OpenSSH enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service by periodically making many new TCP connections. Multiple vulnerabilities in the OpenSSH package can lead to violations of confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely.

Recommendations

For OpenSSH versions prior to 6.6 p1-r1, update to version 6.6 p1-r1 or later to resolve the issue.
For OpenSSH through 6.1, consider increasing the connection timeout value to mitigate the risk of connection-slot exhaustion.
For VMware vCenter Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Check Point GAiA, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
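
To see which LoginGraceTime and MaxStartups values a given sshd_config actually puts into effect, the following added example (not part of the original advisory and not OpenSSH code) reads the file with first-occurrence-wins semantics and flags settings under which unauthenticated connections can fill every pre-authentication slot. The default values, the function names and the sample configuration are assumptions constructed for illustration.

```python
import re

# Defaults assumed from sshd_config(5) in current OpenSSH releases; older
# builds may differ, so confirm with `sshd -T` on the host being audited.
DEFAULTS = {"logingracetime": "120", "maxstartups": "10:30:100"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# sshd_config (constructed)
Port 22
LoginGraceTime 2m
MaxStartups 10
maxstartups 10:30:60
Match User backup
    X11Forwarding no
"""

def parse_time(value):
    """Convert an sshd time value such as '90', '2m' or '1h30m' to seconds."""
    parts = re.findall(r"(\d+)([smhdw]?)", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def effective_settings(text):
    """Return the two directives as sshd would see them (first value wins)."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9]+)(?:\s*=\s*|\s+)(\S+)", line)
        if not m or line.lstrip().startswith("#"):
            continue
        key = m.group(1).lower()
        if key == "match":  # stop at the first Match block: global settings only
            break
        if key in DEFAULTS:
            found.setdefault(key, m.group(2))
    return {**DEFAULTS, **found}

def audit(text):
    """Report the effective grace time and MaxStartups triple, with findings."""
    cfg = effective_settings(text)
    grace = parse_time(cfg["logingracetime"])
    nums = [int(n) for n in cfg["maxstartups"].split(":")]
    start, rate, full = nums if len(nums) == 3 else (nums[0], 100, nums[0])
    findings = []
    if grace == 0:
        findings.append("LoginGraceTime 0: unauthenticated connections never time out")
    if start >= full or rate == 100:
        findings.append("MaxStartups: no random early drop, every new connection is refused at the cap")
    return {"grace": grace, "start": start, "rate": rate, "full": full, "findings": findings}
```

Calling `audit(SAMPLE)` reports the single-value `MaxStartups 10` line as the effective setting, because the later `maxstartups 10:30:60` line is ignored.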

Exploit

DoS

Buffer Overflow

Information Disclosure

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2014-1351
ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2014-00019
BDU:2015-09678
CESA-2013_1591
CVE-2010-5107
RHSA-2013:1527
RHSA-2013:1591
RHSA-2013_1591
SUSE-SU-2013_1345-1

Affected Products

ALT Linux
CentOS
Check Point Gaia
IBM AIX
OpenSSH
Red Hat
SUSE
VMware vCenter Server