Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Possible DOS issue in OpenSSH ssh client

From: Espen Grøndahl <espen () espen mine nu>
Date: Tue, 13 Jun 2006 21:29:46 +0200
The client did just hang – I don’t know for how long, but I sent a break
after an hour :-)

I didn’t have the time to test this issue more.

 

kaosone wrote:

 

This could be used in a denial of service attack – or could be used to

stop

( or at least annoy ) ssh bruteforcers J



no, the bruteforcers don't use ssh, but other programs that can be not
affected by this


 

It is good to see that someone knows “all” the bruteforcers :-) ( could you
please ask them to stop … )

I do not know if this issue affects Hydra, Guess-who and so on.

 

I have only tested this issue with OpenSSH client and putty.

 

Putty seems to be less affected ( cpu usage 25-40% ).

 

 

 

 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: