National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2006-0883 Detail

Current Description

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.

Source:  MITRE
View Analysis Description

Severity



CVSS 3.x Severity and Metrics:

NIST CVSS score
NIST: NVD
Base Score: N/A
NVD score not yet provided.

Vendor Statements (disclaimer)

Official Statement from Red Hat (08/30/2006)

This issue did not affect the versions of OpenSSH as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc
http://bugzilla.mindrot.org/show_bug.cgi?id=839
http://securityreason.com/securityalert/520
http://securitytracker.com/id?1015706 Patch
http://www.securityfocus.com/bid/16892 Patch
http://www.vupen.com/english/advisories/2006/0805 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25116

Weakness Enumeration

CWE-ID CWE Name Source
CWE-399 Resource Management Errors NIST  

Known Affected Software Configurations Switch to CPE 2.3

Configuration 1 ( hide )
 cpe:/a:openbsd:openssh:3.8.1p1
     Show Matching CPE(s)

Configuration 2 ( hide )
 cpe:/o:freebsd:freebsd:5.3
     Show Matching CPE(s)
 cpe:/o:freebsd:freebsd:5.3:release
     Show Matching CPE(s)
 cpe:/o:freebsd:freebsd:5.3:releng
     Show Matching CPE(s)
 cpe:/o:freebsd:freebsd:5.3:stable
     Show Matching CPE(s)
 cpe:/o:freebsd:freebsd:5.4:pre-release
     Show Matching CPE(s)
 cpe:/o:freebsd:freebsd:5.4:release
     Show Matching CPE(s)
 cpe:/o:freebsd:freebsd:5.4:releng
     Show Matching CPE(s)
 cpe:/o:freebsd:freebsd:5.4:stable
     Show Matching CPE(s)


Change History

2 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2006-0883
NVD Published Date:
03/06/2006
NVD Last Modified:
07/19/2017