CVE-2006-4924
openssh
EPSS 54.3%
Description
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
How to fix CVE-2006-4924
To remediate CVE-2006-4924, upgrade the affected package to the fixed version listed for it below.
- Debian/openssh—upgrade to 1:4.3p2-4 or later
- Debian/openssh—upgrade to 1:3.8.1p1-8.sarge.6 or later
- Debian/openssh—upgrade to 1:3.8.1p1-8.sarge.6 or later
- —upgrade to 3.8.1p1-7sarge1 or later
Is CVE-2006-4924 being exploited?
Likely — EPSS is 54.3%, placing CVE-2006-4924 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (4)
- from 0, < 1:4.3p2-4
- from 0, < 1:3.8.1p1-8.sarge.6
- from 0, < 1:3.8.1p1-8.sarge.6
- from 0, < 3.8.1p1-7sarge1