[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Possible DOS issue in OpenSSH ssh client

Subject: Re: [Full-disclosure] Possible DOS issue in OpenSSH ssh client
From: Paul Schmehl <pauls@xxxxxxxxxxxx>
Date: Tue, 13 Jun 2006 11:22:39 -0500

Espen Grøndahl wrote:

During some testing I found a possible bug/issue with OpenSSH ssh client.

MachineA # cat < /dev/zero | nc –l –p 3000

MachineB# ssh someone@MachineA –p 3000

I have tested on OpenBSD 3.9, CentOS 4.3, Debian 3.1 and Solaris 9.

This consumes 50-100% of available CPU time on MachineB ( depending on the
bandwith between them ).

What did the ssh client do? Did it eventually time out (as you wouldexpect)? Or did it hang and never disconnect?


--
Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Possible DOS issue in OpenSSH ssh client
  - From: Espen Grøndahl

Prev by Date: Re: Re: [Full-disclosure] repeated port 21 attempts
Next by Date: Re: [Full-disclosure] Possible DOS issue in OpenSSH ssh client
Previous by thread: [Full-disclosure] Possible DOS issue in OpenSSH ssh client
Next by thread: Re: [Full-disclosure] Possible DOS issue in OpenSSH ssh client
Index(es):
- Date
- Thread