CVE-2010-5107
published 2013-03-07
CVE-2010-5107: The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it…
Priority P344 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 16.51% (96.6th percentile)
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
Affected
88 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:6.0p1-4 (bookworm) | openssh 1:6.0p1-4 (bookworm) |
| openbsd | openssh | <= 6.1 | — |
| openbsd | openssh | — | — |
CVSS provenance
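| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |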
VulDB
Oracle SPARC Enterprise M3000/M4000/M5000/M8000/M9000 up to XCP 111x XCP Firmware denial of service (Nessus ID 71007 / ID 42413)
vuldb·2026-05-29·CVSS 7.5
CVE-2010-5107 [HIGH] Oracle SPARC Enterprise M3000/M4000/M5000/M8000/M9000 up to XCP 111x XCP Firmware denial of service (Nessus ID 71007 / ID 42413)
A vulnerability, which was classified as problematic, was found in Oracle SPARC Enterprise M3000, M4000, M5000, M8000 and M9000 up to XCP 111x. This impacts an unknown function of the component XCP Firmware. Executing a manipulation can lead to denial of service.
This vulnerability is registered as CVE-2010-5107. It is possible to launch the attack remotely. No exploit is available.
You should upgrade the affected component.
VulDB
OpenBSD OpenSSH up to 1.233 Default Configuration loginracetime/maxstartup denial of service (Nessus ID 71007 / ID 42413)
vuldb·2026-05-29·CVSS 7.5
CVE-2010-5107 [HIGH] OpenBSD OpenSSH up to 1.233 Default Configuration loginracetime/maxstartup denial of service (Nessus ID 71007 / ID 42413)
A vulnerability was found in OpenBSD OpenSSH up to 1.233. It has been declared as problematic. Affected is an unknown function of the component Default Configuration. Such manipulation of the argument loginracetime/maxstartup leads to denial of service.
This vulnerability is uniquely identified as CVE-2010-5107. The attack can be launched remotely. Moreover, an exploit is present.
It is recommended to upgrade the affected component.
GHSA
GHSA-w6q4-qg4h-298g: The default configuration of OpenSSH through 6
ghsa_unreviewed·2022-05-17
CVE-2010-5107 [MEDIUM] GHSA-w6q4-qg4h-298g: The default configuration of OpenSSH through 6
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
OSV
CVE-2010-5107: The default configuration of OpenSSH through 6
osv·2013-03-07·CVSS 5.0
CVE-2010-5107 [MEDIUM] CVE-2010-5107: The default configuration of OpenSSH through 6
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
Red Hat
openssh: Prevent connection slot exhaustion attacks
vendor_redhat·2013-02-06·CVSS 5.0
CVE-2010-5107 [MEDIUM] CWE-400 openssh: Prevent connection slot exhaustion attacks
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
Statement: Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Package: openssh (Red Hat Enterprise Linux 5) - Will not fix
Debian
CVE-2010-5107: openssh - The default configuration of OpenSSH through 6.1 enforces a fixed time limit bet...
vendor_debian·2010·CVSS 5.0
CVE-2010-5107 [MEDIUM] CVE-2010-5107: openssh - The default configuration of OpenSSH through 6.1 enforces a fixed time limit bet...
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
Scope: local
bookworm: resolved (fixed in 1:6.0p1-4)
bullseye: resolved (fixed in 1:6.0p1-4)
forky: resolved (fixed in 1:6.0p1-4)
sid: resolved (fixed in 1:6.0p1-4)
trixie: resolved (fixed in 1:6.0p1-4)
No detection rules found.
Trendmicro
Current and Future Attacks Threatening Esports
blogs_trendmicro·2019-10-29
Cyber Crime
# Current and Future Attacks Threatening Esports
Cybercriminals will increasingly target the esports industry over the next three years. Many underground forums already have sections dedicated to gaming or esports sales, and the goods and services offered in these forums generate a lot of interest.
By: Mayra Rosario Fuentes, Fernando Merces
2019/10/29
Esports has evolved from niche entertainment into a highly lucrative industry. Growing ad revenue and sponsorships allow the tournaments to grow; and as the tournaments grow, the prize pool grows as well. Of course, growing popularity and increased funds open up the entities involved to cybercriminals looking for any opportunity to make a profit.
Cheats and hacks are widely available in und
Bugzilla
CVE-2010-5107 openssh: Prevent connection slot exhaustion attacks [fedora-all]
bugzilla·2013-02-07·CVSS 5.0
CVE-2010-5107 [MEDIUM] CVE-2010-5107 openssh: Prevent connection slot exhaustion attacks [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue af
Bugzilla
CVE-2010-5107 openssh: Prevent connection slot exhaustion attacks
bugzilla·2013-02-07·CVSS 5.0
CVE-2010-5107 [MEDIUM] CVE-2010-5107 openssh: Prevent connection slot exhaustion attacks
A denial of service flaw was found in the way default server configuration of OpenSSH, an open source implementation of SSH protocol versions 1 and 2, performed management of its connection slot. A remote attacker could use this flaw to cause connection slot exhaustion on the server.
References:
[1] http://seclists.org/oss-sec/2012/q1/1
[2] http://www.openwall.com/lists/oss-security/2013/02/06/5
[3] http://www.openwall.com/lists/oss-security/2013/02/07/3
Relevant upstream patches:
[4] http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234
[5] http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156
[6] http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://rhn.redhat.com/errata/RHSA-2013-1591.html
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c?r1=1.234#rev1.234
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config.5?r1=1.156#rev1.156
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?r1=1.89#rev1.89
http://www.openwall.com/lists/oss-security/2013/02/07/3
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/58162
https://bugzilla.redhat.com/show_bug.cgi?id=908707
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19515
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19595