CVE-2010-5107

HIGH

OpenSSH < 6.1 - Denial of Service via Connection-Slot Exhaustion

Title source: llm
STIX 2.1

Description

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.

References (12)

Core 12
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1591.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=144050155601375&w=2
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=908707
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58162
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/02/07/3
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19595
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19515

Scores

CVSS v3 7.5
EPSS 0.1651
EPSS Percentile 96.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (50)
openbsd/openssh 1.2
openbsd/openssh 1.2.1
openbsd/openssh 1.2.2
openbsd/openssh 1.2.3
openbsd/openssh 1.2.27
openbsd/openssh 1.3
openbsd/openssh 1.5
openbsd/openssh 1.5.7
openbsd/openssh 1.5.8
openbsd/openssh 2.1
... and 40 more
Published Mar 07, 2013
Tracked Since Feb 18, 2026