CVE-2006-4924

OpenSSH < 4.4 - Denial of Service via Duplicate Block SSH Packet


Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4924. PoCs published by Tavis Ormandy.

AI-analyzed exploit summary: This script exploits CVE-2006-4924, a DoS vulnerability in OpenSSH, by sending a maliciously crafted packet with a spoofed CRC32 checksum to trigger a denial-of-service condition. It uses netcat to communicate with the target and includes a custom CRC32 implementation in bash.

Description

sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tavis Ormandy · bash · dos · multiple
https://www.exploit-db.com/exploits/2444

Classification
Working PoC: 100%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: OpenSSH versions prior to the fix for CVE-2006-4924
No auth needed
Prerequisites: Network access to the target SSH port (default 22) · OpenSSH version vulnerable to CVE-2006-4924
devstral-2 · analyzed Feb 16, 2026

References (79)

Core References
Various Sources vendor-advisory x_refsource_freebsd
http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22270
Various Sources vendor-advisory x_refsource_hp
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23038
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-355-1
Vendor Advisory vendor-advisory x_refsource_trustix
http://www.trustix.org/errata/2006/0054
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4401
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0740
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22116
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21923
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24805
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23340
Various Sources vendor-advisory x_refsource_openbsd
http://www.openbsd.org/errata.html#ssh
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_24_sr.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22487
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200611-06.xml
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=148228
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22164
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102962-1
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_62_openssh.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22362
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23680
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34274
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/787448
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=305214
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016931
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4869
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22298
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22352
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22236
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1193
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24799
Patch, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207955
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22091
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22495
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1332
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20216
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/447153/100/0/threaded
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200609-17.xml
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22823
Various Sources vendor-advisory x_refsource_freebsd
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0697.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3777
Vendor Advisory vendor-advisory x_refsource_openpkg
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22183
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29158
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23241
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2119
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0930
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22926
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29371
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22208
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22245
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-661
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22196
Patch vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1212
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10462
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0698.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29152
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25608
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22158
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:179
Patch vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1189
Various Sources vendor-advisory x_refsource_sco
ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24479

Scores

EPSS 0.3391
EPSS Percentile 98.2%

Details

CWE: CWE-399
Status: published
Products (50)
openbsd/openssh 1.2
openbsd/openssh 1.2.1
openbsd/openssh 1.2.2
openbsd/openssh 1.2.3
openbsd/openssh 1.2.27
openbsd/openssh 2.1
openbsd/openssh 2.1.1
openbsd/openssh 2.2
openbsd/openssh 2.3
openbsd/openssh 2.5
... and 40 more
Published Sep 27, 2006
Tracked Since Feb 18, 2026