Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

SSH:OPENSSH-MAXSTARTUP-DOS

Severity

Major

Recommended

No

Recommended Action

Drop

Category

SSH

Keywords

OpenSSH maxstartup Threshold Connection Exhaustion Denial of Service

Release Date

2015/06/12

Update Number

2504

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

SSH: OpenSSH maxstartup Threshold Connection Exhaustion Denial of Service


This signature detects attempts to exploit a known vulnerability against OpenSSH server daemon (sshd). The vulnerability is due to a default configuration that only allows a small number of unauthenticated connections, after which the server will stop accepting any new connections. A remote unauthenticated attacker can exploit this vulnerability by creating a large number of connections to the SSH server, consuming all available connection slots. Repeated exploitation could result in a denial of service condition.

Extended Description

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.

Affected Products

  • Openbsd openssh 1.2
  • Openbsd openssh 1.2.1
  • Openbsd openssh 1.2.2
  • Openbsd openssh 1.2.27
  • Openbsd openssh 1.2.3
  • Openbsd openssh 1.3
  • Openbsd openssh 1.5
  • Openbsd openssh 1.5.7
  • Openbsd openssh 1.5.8
  • Openbsd openssh 2.1
  • Openbsd openssh 2.1.1
  • Openbsd openssh 2.2
  • Openbsd openssh 2.3
  • Openbsd openssh 2.3.1
  • Openbsd openssh 2.5
  • Openbsd openssh 2.5.1
  • Openbsd openssh 2.5.2
  • Openbsd openssh 2.9
  • Openbsd openssh 2.9.9
  • Openbsd openssh 2.9.9p2
  • Openbsd openssh 2.9p1
  • Openbsd openssh 2.9p2
  • Openbsd openssh 3.0
  • Openbsd openssh 3.0.1
  • Openbsd openssh 3.0.1p1
  • Openbsd openssh 3.0.2
  • Openbsd openssh 3.0.2p1
  • Openbsd openssh 3.0p1
  • Openbsd openssh 3.1
  • Openbsd openssh 3.1p1
  • Openbsd openssh 3.2
  • Openbsd openssh 3.2.2
  • Openbsd openssh 3.2.2p1
  • Openbsd openssh 3.2.3p1
  • Openbsd openssh 3.3
  • Openbsd openssh 3.3p1
  • Openbsd openssh 3.4
  • Openbsd openssh 3.4p1
  • Openbsd openssh 3.5
  • Openbsd openssh 3.5p1
  • Openbsd openssh 3.6
  • Openbsd openssh 3.6.1
  • Openbsd openssh 3.6.1p1
  • Openbsd openssh 3.6.1p2
  • Openbsd openssh 3.7
  • Openbsd openssh 3.7.1
  • Openbsd openssh 3.7.1p1
  • Openbsd openssh 3.7.1p2
  • Openbsd openssh 3.8
  • Openbsd openssh 3.8.1
  • Openbsd openssh 3.8.1p1
  • Openbsd openssh 3.9
  • Openbsd openssh 3.9.1
  • Openbsd openssh 3.9.1p1
  • Openbsd openssh 4.0
  • Openbsd openssh 4.0p1
  • Openbsd openssh 4.1
  • Openbsd openssh 4.1p1
  • Openbsd openssh 4.2
  • Openbsd openssh 4.2p1
  • Openbsd openssh 4.3
  • Openbsd openssh 4.3p1
  • Openbsd openssh 4.3p2
  • Openbsd openssh 4.4
  • Openbsd openssh 4.4p1
  • Openbsd openssh 4.5
  • Openbsd openssh 4.6
  • Openbsd openssh 4.7
  • Openbsd openssh 4.8
  • Openbsd openssh 4.9
  • Openbsd openssh 5.0
  • Openbsd openssh 5.1
  • Openbsd openssh 5.2
  • Openbsd openssh 5.3
  • Openbsd openssh 5.4
  • Openbsd openssh 5.5
  • Openbsd openssh 5.6
  • Openbsd openssh 5.7
  • Openbsd openssh 5.8
  • Openbsd openssh 5.8p2
  • Openbsd openssh 5.9
  • Openbsd openssh 6.0
  • Openbsd openssh 6.1

References

  • CVE: CVE-2010-5107

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out