Full Disclosure mailing list archives

Re: Possible DOS issue in OpenSSH ssh client

From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 13 Jun 2006 11:22:39 -0500

Espen Grøndahl wrote:

During some testing I found a possible bug/issue with OpenSSH ssh client.

MachineA # cat < /dev/zero | nc –l –p 3000

MachineB# ssh someone@MachineA –p 3000

I have tested on OpenBSD 3.9, CentOS 4.3, Debian 3.1 and Solaris 9.

This consumes 50-100% of available CPU time on MachineB ( depending on the
bandwith between them ).

What did the ssh client do? Did it eventually time out (as you wouldexpect)? Or did it hang and never disconnect?


--
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Possible DOS issue in OpenSSH ssh client Espen Grøndahl (Jun 13)
- Re: Possible DOS issue in OpenSSH ssh client Paul Schmehl (Jun 13)
- Re: Possible DOS issue in OpenSSH ssh client kaosone (Jun 13)
- <Possible follow-ups>
- Possible DOS issue in OpenSSH ssh client Espen Grøndahl (Jun 13)