CVE-2006-0883 Information

Description

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle the termination of a forked child process during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, and then disconnecting.

Reference

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc
http://bugzilla.mindrot.org/show_bug.cgi?id=839
http://securityreason.com/securityalert/520
http://securitytracker.com/id?1015706
http://www.osvdb.org/23797
http://www.securityfocus.com/bid/16892
http://www.vupen.com/english/advisories/2006/0805
https://exchange.xforce.ibmcloud.com/vulnerabilities/25116