[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Possible DOS issue in OpenSSH ssh client

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Possible DOS issue in OpenSSH ssh client
From: Espen Grøndahl <espen@xxxxxxxxxxxxx>
Date: Tue, 13 Jun 2006 14:54:51 +0200

During some testing I found a possible bug/issue with OpenSSH ssh client.

 

 

MachineA # cat < /dev/zero | nc ?l ?p 3000

 

MachineB# ssh someone@MachineA ?p 3000

 

I have tested on OpenBSD 3.9, CentOS 4.3, Debian 3.1 and Solaris 9.

 

 

This consumes 50-100% of available CPU time on MachineB ( depending on the
bandwith between them ).

 

This could be used in a denial of service attack ? or could be used to stop
( or at least annoy ) ssh bruteforcers :-)

 

But of course it would also consume my upstream bandwith??.

 

 

Espen

 

http://espen.mine.nu <http://espen.mine.nu/>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Possible DOS issue in OpenSSH ssh client
  - From: Paul Schmehl
- Re: [Full-disclosure] Possible DOS issue in OpenSSH ssh client
  - From: kaosone

Prev by Date: [Full-disclosure] Immunity: Word 0-day issue is problem in Smart Tags
Next by Date: Re: Re: [Full-disclosure] repeated port 21 attempts
Previous by thread: [Full-disclosure] Immunity: Word 0-day issue is problem in Smart Tags
Next by thread: Re: [Full-disclosure] Possible DOS issue in OpenSSH ssh client
Index(es):
- Date
- Thread