Note: This is an archival copy of Security Sun Alert 201264 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000947.1.
Solaris 9 Operating System
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
A security vulnerability which affects the sshd(1M) daemon when configured to use protocol version 1 may allow a remote user to cause the daemon to consume an excessive amount of CPU power. This will affect the performance and responsiveness of the system as a whole, resulting in a denial of service (DoS) to the system.
This issue is also referenced in the following document:
CVE-2006-4924 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
This issue can occur in the following releases:
A command such as the following can be used to determine if the sshd daemon is running on a host:
$ pgrep sshd || echo "sshd not running"
To determine if sshd is configured to use version 1 of the protocol, a command such as the following can be used to list the configured protocols from the default configuration file (see sshd_config(4)):
$ grep Protocol /etc/ssh/sshd_config Protocol 2,1
If '1' is included in the list of configured protocols (or if no 'Protocol' line is found as the default setting is '2,1'), then the host is potentially affected by this issue; note that in order for protocol version 1 to be truly supported on the host it must be provided with a compatible host key via the HostKey directive, see sshd_config(4) for more details.
If this issue is exploited to cause a denial of service on the host, one or more sshd processes will be running and will be consuming an unusually large percentage of CPU time. In addition, the host itself may be generally unresponsive.
To determine the CPU usage of the processes running on the system, a command such as the following can be used, which will sort the running process by CPU consumption (in descending order):
$ prstat -s cpu [...]
To work around the described issue, sites may choose to disable version 1 of the protocol by removing '1' from the list of supported protocols in the /etc/ssh/sshd_config file (see sshd_config(4)). E.g.:
$ grep Protocol /etc/ssh/sshd_config Protocol 2
and then restart the sshd daemon:
For Solaris 9:
# /etc/init.d/sshd stop ; /etc/init.d/sshd start
For Solaris 10:
# svcadm restart ssh
This issue is addressed in the following releases:
This solution has no attachment