Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-0883

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.

Published

2006-03-07T02:02:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-399

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openbsd	openssh	3.8.1p1	Yes
Operating System	freebsd	freebsd	5.3	Yes
Operating System	freebsd	freebsd	5.3	Yes
Operating System	freebsd	freebsd	5.3	Yes
Operating System	freebsd	freebsd	5.3	Yes
Operating System	freebsd	freebsd	5.4	Yes
Operating System	freebsd	freebsd	5.4	Yes
Operating System	freebsd	freebsd	5.4	Yes
Operating System	freebsd	freebsd	5.4	Yes

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc ([email protected])
http://bugzilla.mindrot.org/show_bug.cgi?id=839 ([email protected])
http://securityreason.com/securityalert/520 ([email protected])
http://securitytracker.com/id?1015706 Patch ([email protected])
http://www.osvdb.org/23797 ([email protected])
http://www.securityfocus.com/bid/16892 Patch ([email protected])
http://www.vupen.com/english/advisories/2006/0805 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/25116 ([email protected])
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc (af854a3a-2127-422b-91ae-364da2661108)
http://bugzilla.mindrot.org/show_bug.cgi?id=839 (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/520 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1015706 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/23797 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/16892 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0805 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25116 (af854a3a-2127-422b-91ae-364da2661108)