CVE-2006-4924
Last modified
CVE-2006-4924 is a vulnerability of currently unknown severity. sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. EPSS estimates a 34.67% chance of exploitation in the next 30 days.
Description
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openbsd | Openssh | 1.2 |
| Openbsd | Openssh | 1.2.1 |
| Openbsd | Openssh | 1.2.2 |
| Openbsd | Openssh | 1.2.3 |
| Openbsd | Openssh | 1.2.27 |
| Openbsd | Openssh | 2.1 |
| Openbsd | Openssh | 2.1.1 |
| Openbsd | Openssh | 2.2 |
| Openbsd | Openssh | 2.3 |
| Openbsd | Openssh | 2.5 |
| Openbsd | Openssh | 2.5.1 |
| Openbsd | Openssh | 2.5.2 |
| Openbsd | Openssh | 2.9 |
| Openbsd | Openssh | 2.9.9 |
| Openbsd | Openssh | 2.9.9p2 |
| Openbsd | Openssh | 2.9p1 |
| Openbsd | Openssh | 2.9p2 |
| Openbsd | Openssh | 3.0 |
| Openbsd | Openssh | 3.0.1 |
| Openbsd | Openssh | 3.0.1p1 |
| Openbsd | Openssh | 3.0.2 |
| Openbsd | Openssh | 3.0.2p1 |
| Openbsd | Openssh | 3.0p1 |
| Openbsd | Openssh | 3.1 |
| Openbsd | Openssh | 3.1p1 |
| Openbsd | Openssh | 3.2 |
| Openbsd | Openssh | 3.2.2 |
| Openbsd | Openssh | 3.2.2p1 |
| Openbsd | Openssh | 3.2.3p1 |
| Openbsd | Openssh | 3.3 |
| Openbsd | Openssh | 3.3p1 |
| Openbsd | Openssh | 3.4 |
| Openbsd | Openssh | 3.4p1 |
| Openbsd | Openssh | 3.5 |
| Openbsd | Openssh | 3.5p1 |
| Openbsd | Openssh | 3.6 |
| Openbsd | Openssh | 3.6.1 |
| Openbsd | Openssh | 3.6.1p1 |
| Openbsd | Openssh | 3.6.1p2 |
| Openbsd | Openssh | 3.7 |
| Openbsd | Openssh | 3.7.1 |
| Openbsd | Openssh | 3.7.1p1 |
| Openbsd | Openssh | 3.7.1p2 |
| Openbsd | Openssh | 3.8 |
| Openbsd | Openssh | 3.8.1 |
| Openbsd | Openssh | 3.8.1p1 |
| Openbsd | Openssh | 3.9 |
| Openbsd | Openssh | 3.9.1 |
| Openbsd | Openssh | 3.9.1p1 |
| Openbsd | Openssh | 4.0 |
Showing 50 of 56 affected configurations. See NVD for the full list.
References
- http://secunia.com/advisories/21923 (Vendor Advisory)
- http://secunia.com/advisories/22091 (Vendor Advisory)
- http://secunia.com/advisories/22116 (Vendor Advisory)
- http://secunia.com/advisories/22158 (Vendor Advisory)
- http://secunia.com/advisories/22164 (Vendor Advisory)
- http://secunia.com/advisories/22183 (Vendor Advisory)
- http://secunia.com/advisories/22196 (Vendor Advisory)
- http://secunia.com/advisories/22208 (Vendor Advisory)
- http://secunia.com/advisories/22236 (Vendor Advisory)
- http://secunia.com/advisories/22245 (Vendor Advisory)
- http://secunia.com/advisories/22270 (Vendor Advisory)
- http://secunia.com/advisories/22298 (Vendor Advisory)
- http://secunia.com/advisories/22352 (Vendor Advisory)
- http://secunia.com/advisories/22362 (Vendor Advisory)
- http://secunia.com/advisories/22487 (Vendor Advisory)
- http://secunia.com/advisories/22495 (Vendor Advisory)
- http://secunia.com/advisories/22823 (Vendor Advisory)
- http://secunia.com/advisories/22926 (Vendor Advisory)
- http://secunia.com/advisories/23038 (Vendor Advisory)
- http://secunia.com/advisories/23241 (Vendor Advisory)
- http://secunia.com/advisories/23340 (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/787448 (US Government Resource)
- http://www.securityfocus.com/bid/20216 (Exploit, Patch)
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html (US Government Resource)
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955 (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
