Vulnerability Details CVE-2006-0883
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.1%
CVSS Severity
CVSS v2 Score 5.0
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc
- http://bugzilla.mindrot.org/show_bug.cgi?id=839
- http://securityreason.com/securityalert/520
- http://securitytracker.com/id?1015706
- http://www.osvdb.org/23797
- http://www.securityfocus.com/bid/16892
- http://www.vupen.com/english/advisories/2006/0805
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25116
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc
- http://bugzilla.mindrot.org/show_bug.cgi?id=839
- http://securityreason.com/securityalert/520
- http://securitytracker.com/id?1015706
- http://www.osvdb.org/23797
- http://www.securityfocus.com/bid/16892
- http://www.vupen.com/english/advisories/2006/0805
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25116