Red Hat Bugzilla – Bug 208298
CVE-2006-4924 openssh DoS
Last modified: 2007-11-30 17:06:55 EST
+++ This bug was initially created as a clone of Bug #207955 +++
Tavis Ormandy of the Google Security Team discovered a denial of service attack
on the OpenSSH sshd daemon when SSH protocol version 1 is enabled. This flaw
will cause the OpenSSH server to consume a large quantity of the CPU until the
specified timeout is reached.
The upstream patches can be found here:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
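
The report ties the flaw to sshd having SSH protocol version 1 enabled. The script below is an added example, not part of this bug report and not Red Hat or OpenSSH code, that checks an sshd_config for that condition. The function names and the `DEFAULT_PROTOCOL` variable are hypothetical, and the fallback of `2,1` when no `Protocol` line is present is an assumption based on the documented default of OpenSSH releases from this period.

```shell
#!/bin/sh
# Added example: report whether an sshd_config leaves SSH protocol 1 enabled.
# Assumption: with no Protocol line the daemon uses DEFAULT_PROTOCOL; "2,1"
# was the documented built-in default for OpenSSH releases of this era.
DEFAULT_PROTOCOL="${DEFAULT_PROTOCOL:-2,1}"

# Print the effective Protocol value of the config file given as $1.
# - comment lines are skipped
# - the keyword is matched case-insensitively
# - "=" is accepted between keyword and value
# - the first occurrence wins, as sshd keeps the first value it reads
effective_protocol() {
    value=$(awk '
        /^[ \t]*#/ { next }
        { gsub(/=/, " ") }
        tolower($1) == "protocol" && NF >= 2 { print $2; exit }
    ' "$1")
    printf '%s\n' "${value:-$DEFAULT_PROTOCOL}"
}

# Return 0 if version 1 appears in the comma-separated Protocol list.
protocol1_enabled() {
    case ",$(effective_protocol "$1")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Usage: sh check_proto1.sh /etc/ssh/sshd_config
if [ "$#" -ge 1 ]; then
    if protocol1_enabled "$1"; then
        echo "$1: protocol 1 ENABLED (effective: $(effective_protocol "$1"))"
    else
        echo "$1: protocol 1 disabled (effective: $(effective_protocol "$1"))"
    fi
fi
```

A "disabled" result only means the condition named in the report is absent; the errata packages remain the fix.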