CVE-2006-4924

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

Affected Software

Name	Vendor	Start Version	End Version
Openssh	Openbsd	1.2 (including)	1.2 (including)
Openssh	Openbsd	1.2.1 (including)	1.2.1 (including)
Openssh	Openbsd	1.2.2 (including)	1.2.2 (including)
Openssh	Openbsd	1.2.3 (including)	1.2.3 (including)
Openssh	Openbsd	1.2.27 (including)	1.2.27 (including)
Openssh	Openbsd	2.1 (including)	2.1 (including)
Openssh	Openbsd	2.1.1 (including)	2.1.1 (including)
Openssh	Openbsd	2.2 (including)	2.2 (including)
Openssh	Openbsd	2.3 (including)	2.3 (including)
Openssh	Openbsd	2.5 (including)	2.5 (including)
Openssh	Openbsd	2.5.1 (including)	2.5.1 (including)
Openssh	Openbsd	2.5.2 (including)	2.5.2 (including)
Openssh	Openbsd	2.9 (including)	2.9 (including)
Openssh	Openbsd	2.9.9 (including)	2.9.9 (including)
Openssh	Openbsd	2.9.9p2 (including)	2.9.9p2 (including)
Openssh	Openbsd	2.9p1 (including)	2.9p1 (including)
Openssh	Openbsd	2.9p2 (including)	2.9p2 (including)
Openssh	Openbsd	3.0 (including)	3.0 (including)
Openssh	Openbsd	3.0.1 (including)	3.0.1 (including)
Openssh	Openbsd	3.0.1p1 (including)	3.0.1p1 (including)
Openssh	Openbsd	3.0.2 (including)	3.0.2 (including)
Openssh	Openbsd	3.0.2p1 (including)	3.0.2p1 (including)
Openssh	Openbsd	3.0p1 (including)	3.0p1 (including)
Openssh	Openbsd	3.1 (including)	3.1 (including)
Openssh	Openbsd	3.1p1 (including)	3.1p1 (including)
Openssh	Openbsd	3.2 (including)	3.2 (including)
Openssh	Openbsd	3.2.2 (including)	3.2.2 (including)
Openssh	Openbsd	3.2.2p1 (including)	3.2.2p1 (including)
Openssh	Openbsd	3.2.3p1 (including)	3.2.3p1 (including)
Openssh	Openbsd	3.3 (including)	3.3 (including)
Openssh	Openbsd	3.3p1 (including)	3.3p1 (including)
Openssh	Openbsd	3.4 (including)	3.4 (including)
Openssh	Openbsd	3.4p1 (including)	3.4p1 (including)
Openssh	Openbsd	3.5 (including)	3.5 (including)
Openssh	Openbsd	3.5p1 (including)	3.5p1 (including)
Openssh	Openbsd	3.6 (including)	3.6 (including)
Openssh	Openbsd	3.6.1 (including)	3.6.1 (including)
Openssh	Openbsd	3.6.1p1 (including)	3.6.1p1 (including)
Openssh	Openbsd	3.6.1p2 (including)	3.6.1p2 (including)
Openssh	Openbsd	3.7 (including)	3.7 (including)
Openssh	Openbsd	3.7.1 (including)	3.7.1 (including)
Openssh	Openbsd	3.7.1p1 (including)	3.7.1p1 (including)
Openssh	Openbsd	3.7.1p2 (including)	3.7.1p2 (including)
Openssh	Openbsd	3.8 (including)	3.8 (including)
Openssh	Openbsd	3.8.1 (including)	3.8.1 (including)
Openssh	Openbsd	3.8.1p1 (including)	3.8.1p1 (including)
Openssh	Openbsd	3.9 (including)	3.9 (including)
Openssh	Openbsd	3.9.1 (including)	3.9.1 (including)
Openssh	Openbsd	3.9.1p1 (including)	3.9.1p1 (including)
Openssh	Openbsd	4.0 (including)	4.0 (including)
Openssh	Openbsd	4.0p1 (including)	4.0p1 (including)
Openssh	Openbsd	4.1p1 (including)	4.1p1 (including)
Openssh	Openbsd	4.2 (including)	4.2 (including)
Openssh	Openbsd	4.2p1 (including)	4.2p1 (including)
Openssh	Openbsd	4.3 (including)	4.3 (including)
Openssh	Openbsd	4.3p1 (including)	4.3p1 (including)
Red Hat Enterprise Linux 2.1	RedHat	openssh-0:3.1p1-21	*
Red Hat Enterprise Linux 3	RedHat	openssh-0:3.6.1p2-33.30.12	*
Red Hat Enterprise Linux 4	RedHat	openssh-0:3.9p1-8.RHEL4.17	*
Openssh	Ubuntu	dapper	*
Openssh	Ubuntu	devel	*
Openssh	Ubuntu	edgy	*
Openssh	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4924
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References