You are here

SSH Deamon: Denial of Service

CB-K13/0190, CVE-2010-5107
OpenSSH, SunSSH, sshd, DoS

An attacker can make an SSH service unavailable to new users by continuously opening new TCP Connections to the SSH service. OpenSSH reacted to this vulnerability be decreasing the default maximal lifetime of an unauthenticated SSH session (LoginGraceTime) from 2 minutes to 1 minute. Obviously this Denial of Service attack is still possible by opening new TCP connections in a shorter time period.

The security zoning on Airlock prevents attackers to access the SSH agent from the external network, e.g. the Internet. The SSH agent is only accessible from the trusted internal/management network.


No action required.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required