|
OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
OpenSSH is susceptible to a remote denial-of-service vulnerability. This issue is due to a design flaw when servicing timeouts related to the 'LoginGraceTime' server-configuration directive. Specifically, when 'LoginGraceTime' in conjunction with 'MaxStartups' and 'UsePrivilegeSeparation' are configured and enabled in the server, a condition may arise where the server refuses further remote connection attempts. This issue may be exploited by remote attackers to deny SSH service to legitimate users. |
|
|
Privacy Statement |
