Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
SSH:OPENSSH-MAXSTARTUP-DOS |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
SSH |
Keywords |
OpenSSH maxstartup Threshold Connection Exhaustion Denial of Service |
Release Date |
2015/06/12 |
Update Number |
2504 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
SSH: OpenSSH maxstartup Threshold Connection Exhaustion Denial of Service
This signature detects attempts to exploit a known vulnerability against OpenSSH server daemon (sshd). The vulnerability is due to a default configuration that only allows a small number of unauthenticated connections, after which the server will stop accepting any new connections. A remote unauthenticated attacker can exploit this vulnerability by creating a large number of connections to the SSH server, consuming all available connection slots. Repeated exploitation could result in a denial of service condition.
Extended Description
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
Affected Products
- Openbsd openssh 1.2
- Openbsd openssh 1.2.1
- Openbsd openssh 1.2.2
- Openbsd openssh 1.2.27
- Openbsd openssh 1.2.3
- Openbsd openssh 1.3
- Openbsd openssh 1.5
- Openbsd openssh 1.5.7
- Openbsd openssh 1.5.8
- Openbsd openssh 2.1
- Openbsd openssh 2.1.1
- Openbsd openssh 2.2
- Openbsd openssh 2.3
- Openbsd openssh 2.3.1
- Openbsd openssh 2.5
- Openbsd openssh 2.5.1
- Openbsd openssh 2.5.2
- Openbsd openssh 2.9
- Openbsd openssh 2.9.9
- Openbsd openssh 2.9.9p2
- Openbsd openssh 2.9p1
- Openbsd openssh 2.9p2
- Openbsd openssh 3.0
- Openbsd openssh 3.0.1
- Openbsd openssh 3.0.1p1
- Openbsd openssh 3.0.2
- Openbsd openssh 3.0.2p1
- Openbsd openssh 3.0p1
- Openbsd openssh 3.1
- Openbsd openssh 3.1p1
- Openbsd openssh 3.2
- Openbsd openssh 3.2.2
- Openbsd openssh 3.2.2p1
- Openbsd openssh 3.2.3p1
- Openbsd openssh 3.3
- Openbsd openssh 3.3p1
- Openbsd openssh 3.4
- Openbsd openssh 3.4p1
- Openbsd openssh 3.5
- Openbsd openssh 3.5p1
- Openbsd openssh 3.6
- Openbsd openssh 3.6.1
- Openbsd openssh 3.6.1p1
- Openbsd openssh 3.6.1p2
- Openbsd openssh 3.7
- Openbsd openssh 3.7.1
- Openbsd openssh 3.7.1p1
- Openbsd openssh 3.7.1p2
- Openbsd openssh 3.8
- Openbsd openssh 3.8.1
- Openbsd openssh 3.8.1p1
- Openbsd openssh 3.9
- Openbsd openssh 3.9.1
- Openbsd openssh 3.9.1p1
- Openbsd openssh 4.0
- Openbsd openssh 4.0p1
- Openbsd openssh 4.1
- Openbsd openssh 4.1p1
- Openbsd openssh 4.2
- Openbsd openssh 4.2p1
- Openbsd openssh 4.3
- Openbsd openssh 4.3p1
- Openbsd openssh 4.3p2
- Openbsd openssh 4.4
- Openbsd openssh 4.4p1
- Openbsd openssh 4.5
- Openbsd openssh 4.6
- Openbsd openssh 4.7
- Openbsd openssh 4.8
- Openbsd openssh 4.9
- Openbsd openssh 5.0
- Openbsd openssh 5.1
- Openbsd openssh 5.2
- Openbsd openssh 5.3
- Openbsd openssh 5.4
- Openbsd openssh 5.5
- Openbsd openssh 5.6
- Openbsd openssh 5.7
- Openbsd openssh 5.8
- Openbsd openssh 5.8p2
- Openbsd openssh 5.9
- Openbsd openssh 6.0
- Openbsd openssh 6.1
References
- CVE: CVE-2010-5107