
SSH Daemon: Denial of Service

IDs: 
CB-K13/0190, CVE-2010-5107
Keywords: 
OpenSSH, SunSSH, sshd, DoS
Description: 

An attacker can make an SSH service unavailable to new users by continuously opening new TCP connections to the SSH service. OpenSSH reacted to this vulnerability by decreasing the default maximum lifetime of an unauthenticated SSH session (LoginGraceTime) from 2 minutes to 1 minute. This denial-of-service attack is still possible, however, if new TCP connections are opened at shorter intervals.

The security zoning on Airlock prevents attackers from accessing the SSH agent from the external network, e.g. the Internet. The SSH agent is only accessible from the trusted internal/management network.
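
One way to spot the connection-slot exhaustion described above in sshd logs, shown as an added example that is not part of the original advisory or of any vendor tooling. It counts, per source, how many unauthenticated sessions hit LoginGraceTime close enough together to have been open at once. The function names, the ISO-timestamp log layout, the `slots=10` threshold and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd logs this when an unauthenticated session reaches LoginGraceTime.
# Older releases omit the " port N" suffix, so it is optional here.
TIMEOUT_RE = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: (?:fatal: )?"
    r"Timeout before authentication for (\S+)(?: port \d+)?$"
)

def held_slot_peaks(lines, grace_seconds=60):
    """Return {source: peak count of pre-auth sessions held at once}.

    A session that times out at t held a slot during [t - grace, t], so
    timeouts from one source less than one grace period apart overlapped.
    Lines must be in time order.
    """
    grace = timedelta(seconds=grace_seconds)
    recent = defaultdict(deque)  # source -> timeouts inside the window
    peaks = {}
    for line in lines:
        m = TIMEOUT_RE.match(line.strip())
        if not m:
            continue
        when, src = datetime.fromisoformat(m.group(1)), m.group(2)
        window = recent[src]
        window.append(when)
        while when - window[0] >= grace:
            window.popleft()
        peaks[src] = max(peaks.get(src, 0), len(window))
    return peaks

def suspects(lines, grace_seconds=60, slots=10):
    """Sources that alone held at least `slots` pre-auth sessions at once."""
    peaks = held_slot_peaks(lines, grace_seconds)
    return sorted(src for src, n in peaks.items() if n >= slots)

# Constructed sample log: ISO timestamps, documentation-range addresses.
SAMPLE = [
    f"2013-03-10T12:00:{s:02d} gw sshd[{4000 + s}]: fatal: "
    f"Timeout before authentication for 192.0.2.10 port {50000 + s}"
    for s in range(0, 48, 4)  # 12 timeouts within 44 seconds
] + [
    "2013-03-10T12:03:00 gw sshd[4200]: fatal: "
    "Timeout before authentication for 198.51.100.7",
]

if __name__ == "__main__":
    print(held_slot_peaks(SAMPLE), suspects(SAMPLE))
```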

Resolution: 

No action required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required