
OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability

OpenSSH is susceptible to a remote denial-of-service vulnerability. This issue is due to a design flaw when servicing timeouts related to the 'LoginGraceTime' server-configuration directive.

Specifically, when 'LoginGraceTime', 'MaxStartups' and 'UsePrivilegeSeparation' are all configured and enabled on the server, a condition may arise in which the server refuses further remote connection attempts.

This issue may be exploited by remote attackers to deny SSH service to legitimate users.
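To check whether a given server configuration contains the combination described above, the following added example (not part of the advisory and not OpenSSH code) reads sshd_config text and reports whether all three directives are explicitly set and enabled. It assumes the first value of a keyword wins, stops at the first Match block as a simplification, and does not evaluate build defaults for unset directives; the function names and sample configuration are constructed for illustration.

```python
import re

DIRECTIVES = ("logingracetime", "maxstartups", "useprivilegeseparation")
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_time(value):
    """Convert an sshd time value ('120', '2m', '1h30m') to seconds."""
    parts = re.findall(r"(\d+)([smhdw]?)", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def global_settings(config_text):
    """Return the first global value of each directive of interest."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)", line)  # 'Key value' or 'Key=value'
        if not m:
            continue
        keyword, arg = m.group(1).lower(), m.group(2).strip()  # keywords are case-insensitive
        if keyword == "match":
            break  # simplification: everything after Match is conditional, so ignore it
        if keyword in DIRECTIVES and keyword not in found:  # first value wins
            found[keyword] = arg
    return found

def assess(config_text):
    """Report whether the three directives are all explicitly set and enabled."""
    s = global_settings(config_text)
    grace = s.get("logingracetime")
    checks = {
        "LoginGraceTime": grace is not None and parse_time(grace) > 0,  # 0 = no limit
        "MaxStartups": "maxstartups" in s,
        "UsePrivilegeSeparation": s.get("useprivilegeseparation", "no").lower() != "no",
    }
    return {"settings": s, "checks": checks, "combination_present": all(checks.values())}

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# constructed sample sshd_config
Port 22
LoginGraceTime 2m
maxstartups = 10:30:60
UsePrivilegeSeparation yes
LoginGraceTime 0
Match User backup
    X11Forwarding no
"""

if __name__ == "__main__":
    print(assess(SAMPLE))
```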







 

Copyright 2008, SecurityFocus