CVE-2010-5107

OpenSSH < 6.1 - Denial of Service via Connection-Slot Exhaustion

Title source: llm
STIX 2.1

Description

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.

References (12)

Core 12
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=908707
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19515
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1591.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=144050155601375&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58162
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/02/07/3
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19595

Scores

EPSS 0.0161
EPSS Percentile 82.0%

Details

Status published
Products (50)
openbsd/openssh 1.2
openbsd/openssh 1.2.1
openbsd/openssh 1.2.2
openbsd/openssh 1.2.3
openbsd/openssh 1.2.27
openbsd/openssh 1.3
openbsd/openssh 1.5
openbsd/openssh 1.5.7
openbsd/openssh 1.5.8
openbsd/openssh 2.1
... and 40 more
Published Mar 07, 2013
Tracked Since Feb 18, 2026