OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability

Bugtraq ID:	14963
Class:	Design Error
CVE:	CVE-2004-2069
Remote:	Yes
Local:	No
Published:	Jan 28 2004 12:00AM
Updated:	Dec 15 2006 10:53PM
Credit:	"Kumaresh" <kumaresh_ind@gmx.net> disclosed this issue to the vendor.
Vulnerable:	VMWare ESX Server 2.5.4 VMWare ESX Server 2.5.3 VMWare ESX Server 2.1.3 VMWare ESX Server 2.0.2 RedHat Linux 9.0 i386 RedHat Linux 7.3 i386 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux ES 3 RedHat Desktop 3.0 Red Hat Fedora Core3 Red Hat Fedora Core2 Red Hat Fedora Core1 Red Hat Enterprise Linux AS 3 OpenSSH OpenSSH 3.7.1 p1 + SCO Open Server 5.0.7 OpenSSH OpenSSH 3.7.1 OpenSSH OpenSSH 3.7 p1 OpenSSH OpenSSH 3.7 .1p2 OpenSSH OpenSSH 3.7 OpenSSH OpenSSH 3.6.1 p2 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Multi Network Firewall 2.0 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 + Mandriva Linux Mandrake 9.0 + Mandriva Linux Mandrake 8.2 ppc + Mandriva Linux Mandrake 8.2 + Trustix Secure Linux 2.0 OpenSSH OpenSSH 3.6.1 p1 + OpenPKG OpenPKG Current + Slackware Linux 9.0 + Slackware Linux -current OpenSSH OpenSSH 3.6.1 + Novell Netware 6.5 OpenSSH OpenSSH 3.5 p1 + Conectiva Linux 9.0 + OpenPKG OpenPKG 1.2 + RedHat Linux 9.0 i386 + S.u.S.E. Linux Personal 8.2 + Terra Soft Solutions Yellow Dog Linux 3.0 OpenSSH OpenSSH 3.5 OpenSSH OpenSSH 3.4 p1-1 OpenSSH OpenSSH 3.4 p1 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + Conectiva Linux 6.0 + Conectiva Linux Enterprise Edition 1.0 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + FreeBSD FreeBSD 5.0 + FreeBSD FreeBSD 4.7 -RELEASE + FreeBSD FreeBSD 4.7 + IBM AIX 5.1 L + IBM AIX 4.3.3 + Immunix Immunix OS 7+ + RedHat Linux 8.0 + S.u.S.E. Linux 8.1 + S.u.S.E. Linux 8.0 + Slackware Linux 8.1 OpenSSH OpenSSH 3.4 OpenSSH OpenSSH 3.3 p1 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + Conectiva Linux 6.0 OpenSSH OpenSSH 3.3 + Openwall Openwall GNU//Linux (Owl)-current OpenSSH OpenSSH 3.2.3 p1 OpenSSH OpenSSH 3.2.2 p1 + Apple Mac OS X 10.1.5 + Apple Mac OS X 10.1.4 + Apple Mac OS X 10.1.3 + Apple Mac OS X 10.1.2 + Apple Mac OS X 10.1.1 + Apple Mac OS X 10.1 + Apple Mac OS X 10.1 + Apple Mac OS X 10.0.4 + Apple Mac OS X 10.0.3 + Apple Mac OS X 10.0.2 + Apple Mac OS X 10.0.1 + Apple Mac OS X 10.0 OpenSSH OpenSSH 3.2 + OpenBSD OpenBSD 3.1 OpenSSH OpenSSH 3.1 p1 + Juniper Networks NetScreen-IDP 10 3.0 r2 + Juniper Networks NetScreen-IDP 10 3.0 r1 + Juniper Networks NetScreen-IDP 10 3.0 + Juniper Networks NetScreen-IDP 100 3.0 r2 + Juniper Networks NetScreen-IDP 100 3.0 r1 + Juniper Networks NetScreen-IDP 100 3.0 + Juniper Networks NetScreen-IDP 1000 3.0 r2 + Juniper Networks NetScreen-IDP 1000 3.0 r1 + Juniper Networks NetScreen-IDP 1000 3.0 + Juniper Networks NetScreen-IDP 500 3.0 r2 + Juniper Networks NetScreen-IDP 500 3.0 r1 + Juniper Networks NetScreen-IDP 500 3.0 + Red Hat Enterprise Linux AS 2.1 IA64 + Red Hat Enterprise Linux AS 2.1 + RedHat Enterprise Linux ES 2.1 IA64 + RedHat Enterprise Linux ES 2.1 + RedHat Enterprise Linux WS 2.1 IA64 + RedHat Enterprise Linux WS 2.1 + RedHat Linux 7.3 + RedHat Linux 7.2 + RedHat Linux 7.1 + RedHat Linux for iSeries 7.1 + RedHat Linux for pSeries 7.1 + Slackware Linux 8.1 + Sun Linux 5.0.7 + Sun Solaris 9 + Trustix Secure Linux 1.5 + Trustix Secure Linux 1.2 + Trustix Secure Linux 1.1 OpenSSH OpenSSH 3.1 OpenSSH OpenSSH 3.0.2 p1 + Guardian Digital Engarde Secure Linux 1.0.1 + HP VirtualVault 4.6 OpenSSH OpenSSH 3.0.2 - Debian Linux 3.0 + FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07 + FreeBSD FreeBSD 4.5 -RELEASE + OpenPKG OpenPKG 1.0 + Openwall Openwall GNU//Linux 0.1 -stable + S.u.S.E. Linux 8.0 OpenSSH OpenSSH 3.0.1 p1 OpenSSH OpenSSH 3.0.1 OpenSSH OpenSSH 3.0 p1 OpenSSH OpenSSH 3.0 OpenSSH OpenSSH 2.9.9 + NetBSD NetBSD 1.5.2 + S.u.S.E. Linux 7.3 sparc + S.u.S.E. Linux 7.3 ppc + S.u.S.E. Linux 7.3 i386 + S.u.S.E. Linux 7.2 OpenSSH OpenSSH 2.9 p2 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1.1 + Caldera OpenLinux Workstation 3.1 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + Conectiva Linux 6.0 - Conectiva Linux 5.0 - Conectiva Linux graficas - Conectiva Linux ecommerce + FreeBSD FreeBSD 4.4 -RELENG + HP Secure OS software for Linux 1.0 + Immunix Immunix OS 7.0 + MandrakeSoft Corporate Server 1.0.1 + MandrakeSoft Single Network Firewall 7.2 + Mandriva Linux Mandrake 8.1 + Mandriva Linux Mandrake 8.0 ppc + Mandriva Linux Mandrake 8.0 + Mandriva Linux Mandrake 7.2 + Mandriva Linux Mandrake 7.1 + RedHat Linux 7.2 + RedHat Linux 7.1 + RedHat Linux 7.0 - S.u.S.E. Linux 7.3 sparc - S.u.S.E. Linux 7.3 ppc - S.u.S.E. Linux 7.3 i386 - S.u.S.E. Linux 7.2 i386 - S.u.S.E. Linux 7.1 x86 - S.u.S.E. Linux 7.1 sparc - S.u.S.E. Linux 7.1 ppc - S.u.S.E. Linux 7.1 alpha + Sun Cobalt RaQ 550 OpenSSH OpenSSH 2.9 p1 - IBM AIX 4.3.3 - IBM AIX 4.3.2 - IBM AIX 4.3.1 - IBM AIX 4.3 OpenSSH OpenSSH 2.9 + FreeBSD FreeBSD 4.6 -RELEASE + FreeBSD FreeBSD 4.6 + FreeBSD FreeBSD 4.5 -RELEASE + FreeBSD FreeBSD 4.5 OpenSSH OpenSSH 2.5.2 - Caldera OpenUnix 8.0 - Caldera UnixWare 7.1.1 - Wirex Immunix OS 6.2 OpenSSH OpenSSH 2.5.1 + NetBSD NetBSD 1.5.1 + S.u.S.E. Linux 7.3 + S.u.S.E. Linux 7.2 + S.u.S.E. Linux 7.1 + S.u.S.E. Linux Database Server 0 + S.u.S.E. Linux Firewall on CD + S.u.S.E. SuSE eMail Server III - SCO Open Server 5.0.6 a - SCO Open Server 5.0.6 - SCO Open Server 5.0.5 - SCO Open Server 5.0.4 - SCO Open Server 5.0.3 - SCO Open Server 5.0.2 - SCO Open Server 5.0.1 - SCO Open Server 5.0 + SuSE SUSE Linux Enterprise Server 7 OpenSSH OpenSSH 2.5 OpenSSH OpenSSH 2.3 - S.u.S.E. Linux 7.0 sparc - S.u.S.E. Linux 7.0 ppc - S.u.S.E. Linux 7.0 i386 - S.u.S.E. Linux 7.0 alpha - S.u.S.E. Linux 6.4 ppc - S.u.S.E. Linux 6.4 i386 - S.u.S.E. Linux 6.4 alpha Avaya Intuity LX Avaya Integrated Management 2.1 Avaya Integrated Management Avaya CVLAN

Not Vulnerable:	VMWare ESX Server 2.5.4 Patch 1 VMWare ESX Server 2.5.3 Patch 4 VMWare ESX Server 2.1.3 Patch 2 VMWare ESX Server 2.0.2 Patch 2 OpenSSH OpenSSH 3.8 p1 + S.u.S.E. Linux Personal 9.1 x86_64 + S.u.S.E. Linux Personal 9.1