lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <448EE64F.4040106@utdallas.edu>
Date: Tue Jun 13 17:23:37 2006
From: pauls at utdallas.edu (Paul Schmehl)
Subject: Possible DOS issue in OpenSSH ssh client

Espen Gr?ndahl wrote:
> During some testing I found a possible bug/issue with OpenSSH ssh client.
> 
> MachineA # cat < /dev/zero | nc ?l ?p 3000
> 
> MachineB# ssh someone@...hineA ?p 3000
>
> I have tested on OpenBSD 3.9, CentOS 4.3, Debian 3.1 and Solaris 9.
> 
> This consumes 50-100% of available CPU time on MachineB ( depending on the
> bandwith between them ).
> 
What did the ssh client do?  Did it eventually time out (as you would 
expect)?  Or did it hang and never disconnect?

-- 
Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5007 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060613/11c911fe/smime.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ