CVE-2008-4109 (retired)

Priority
Description
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before
4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses
functions that are not async-signal-safe in the signal handler for login
timeouts, which allows remote attackers to cause a denial of service
(connection slot exhaustion) via multiple login attempts. NOTE: this issue
exists because of an incorrect fix for CVE-2006-5051.
Assigned-to
kees
Notes
Package
Upstream:released (4.6p1)
More Information

Updated: 2019-10-09 07:12:11 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)