CVE-2008-4109

Опубликовано: 18 сент. 2008

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:debian:linux:unknown:unknown:etch:*:*:*:*:*

Одно из

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Версия до 4.3p2 (включая)

cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:a:debian:linux:unknown:unknown:sid:*:*:*:*:*

Одно из

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Версия до 4.6 (включая)

cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01128

Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2008-4109

ubuntu

больше 17 лет назад

CVE-2008-4109

debian

больше 17 лет назад

A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before ...

GHSA-6wrv-35h9-3pj7

github

почти 4 года назад

BDU:2015-01962

fstec

около 11 лет назад

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

BDU:2015-01961

fstec

около 11 лет назад

EPSS

Процентиль: 78%

0.01128

Низкий

5 Medium

CVSS2

Дефекты

CWE-264