CVE-2006-0883 — Freebsd vulnerability

CWE-3997 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

2.0%

top 16.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh Freebsd

Timeline

PublishedMar 7

Latest updateMay 3

Description

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianopenbsd/openssh< 1:3.8.1p1-4+3

▶NVDopenbsd/openssh3.8.1p1

Also affects: Freebsd 5.3, 5.4

Patches

Patch: securitytracker.com ↗Patch: www.securityfocus.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-9x7m-vh7w-2mvh: OpenSSH on FreeBSD 5↗2022-05-03

▶

CVEList

CVE-2006-0883: OpenSSH on FreeBSD 5↗2006-03-07

▶

OSV

CVE-2006-0883: OpenSSH on FreeBSD 5↗2006-03-07

▶

📋Vendor Advisories

BSD

FreeBSD-SA-06:09.openssh: Remote denial of service in OpenSSH↗2006-03-01

▶

Debian

CVE-2006-0883: openssh - OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle...↗2006

▶

Red Hat

CVE-2006-0883: OpenSSH on FreeBSD 5↗

▶