Red Hat Bugzilla – Bug 207957
CVE-2006-4924 openssh DoS
Last modified: 2012-09-20 15:39:17 EDT
+++ This bug was initially created as a clone of Bug #207955 +++
Tavis Ormandy of the Google Security Team discovered a denial of service attack
on the openssh sshd daemon when ssh protocol version 1 is enabled. This flaw
will cause the openssh server to consume a large quantity of the CPU until the
specified timeout is reached.
The upstream patches can be found here:
openssh-4.3p2-4.10 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Hrm. If this issue is resolved, then shouldn't this bug report be closed
by the Fedora Updates System?
Anyhoo, the resolution is Fedora Update Notification "FEDORA-2006-1011",
Closing this bug. (If I am wrong to close this bug, please let me know?)