Red Hat Bugzilla – Bug 156996
CAN-2004-2069 openssh DoS issue
Last modified: 2007-11-30 17:07:07 EST
This information comes from
Basically, the MaxStartups (10) and LoginGraceTime (120 seconds) settings are
supposed to defend against DoS, but when run in privilege-separated mode (the
default), OpenSSH server does not properly kill its children after
LoginGraceTime expires. Thus, sshd processes that are still in authentication
phase after LoginGraceTime expires can hang around forever, and you can DoS an
FC2 OpenSSH server with default settings by simply opening up 10 connections to
the server, specifying an SSH key with a passphrase, and never typing the
*** Bug 144799 has been marked as a duplicate of this bug. ***
Do you know if this issue also affects RHEL4?
My notes say no, but I want to double check.
This was fixed upstream before 3.9p1 version was released, so it doesn't affect
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.