sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| OpenSSH | OpenBSD | 3.6.1p2 (including) | 3.6.1p2 (including) |
| OpenSSH | OpenBSD | 3.7.1p2 (including) | 3.7.1p2 (including) |
| Red Hat Enterprise Linux 3 | Red Hat | openssh-0:3.6.1p2-33.30.6 | * |