Candidate: CVE-2008-4109
PublicDate: 2008-09-18 15:04:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4109
 https://ubuntu.com/security/notices/USN-649-1
Description:
 A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before
 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses
 functions that are not async-signal-safe in the signal handler for login
 timeouts, which allows remote attackers to cause a denial of service
 (connection slot exhaustion) via multiple login attempts. NOTE: this issue
 exists because of an incorrect fix for CVE-2006-5051.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to: kees
CVSS:

Patches_openssh:
upstream_openssh: released (4.6p1)
dapper_openssh: released (1:4.2p1-7ubuntu3.5)
feisty_openssh: released (1:4.3p2-8ubuntu1.5)
gutsy_openssh: not-affected
hardy_openssh: not-affected
devel_openssh: not-affected