What is the severity of CVE-2006-0883?

CVE-2006-0883 is classified as a denial of service vulnerability.

How do I fix CVE-2006-0883?

To mitigate CVE-2006-0883, update OpenSSH to a patched version that resolves this issue.

Which versions are affected by CVE-2006-0883?

CVE-2006-0883 specifically affects OpenSSH on FreeBSD 5.3 and 5.4 when used with OpenPAM.

What type of attack does CVE-2006-0883 facilitate?

CVE-2006-0883 allows remote attackers to execute a denial of service attack by causing connection refusals on the SSH server.

Is there a known exploit for CVE-2006-0883?

Yes, attackers can exploit CVE-2006-0883 by repeatedly connecting to the vulnerable SSH server during PAM authentication.

Vulnerability/
CVE-2006-0883

medium

CWE

399

7/3/2006

7/8/2024

CVE-2006-0883

First published: Tue Mar 07 2006(Updated: )

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.

Credit: secteam@freebsd.org

Affected Software	Affected Version	How to fix
OpenSSH	=3.8.1p1
FreeBSD Kernel	=5.3
FreeBSD Kernel	=5.3-release
FreeBSD Kernel	=5.3-releng
FreeBSD Kernel	=5.3-stable
FreeBSD Kernel	=5.4-pre-release
FreeBSD Kernel	=5.4-release
FreeBSD Kernel	=5.4-releng
FreeBSD Kernel	=5.4-stable

Remedy

http://securitytracker.com/id?1015706

Remedy

http://www.securityfocus.com/bid/16892

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-0883?
CVE-2006-0883 is classified as a denial of service vulnerability.
How do I fix CVE-2006-0883?
To mitigate CVE-2006-0883, update OpenSSH to a patched version that resolves this issue.
Which versions are affected by CVE-2006-0883?
CVE-2006-0883 specifically affects OpenSSH on FreeBSD 5.3 and 5.4 when used with OpenPAM.
What type of attack does CVE-2006-0883 facilitate?
CVE-2006-0883 allows remote attackers to execute a denial of service attack by causing connection refusals on the SSH server.
Is there a known exploit for CVE-2006-0883?
Yes, attackers can exploit CVE-2006-0883 by repeatedly connecting to the vulnerable SSH server during PAM authentication.

agent/type
agent/remedy
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/references
agent/severity
agent/author
agent/event
agent/description
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/openbsd
canonical/openssh
version/openssh/3.8.1p1
vendor/freebsd
canonical/freebsd kernel
version/freebsd kernel/5.3
version/freebsd kernel/5.3-release
version/freebsd kernel/5.3-releng
version/freebsd kernel/5.3-stable
version/freebsd kernel/5.4-pre-release
version/freebsd kernel/5.4-release
version/freebsd kernel/5.4-releng
version/freebsd kernel/5.4-stable

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.