Note: This is an archival copy of Security Sun Alert 201264 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000947.1.
Category: Security
Release Phase: Resolved
Product: Solaris 9 Operating System, Solaris 10 Operating System
Bug Id: 6477720
Date of Workaround Release: 08-JUN-2007
Date of Resolved Release: 29-JUN-2007

Impact

A security vulnerability in the sshd(1M) daemon, when it is configured to accept protocol version 1, may allow a remote user to cause the daemon to consume an excessive amount of CPU time. This degrades the performance and responsiveness of the system as a whole, resulting in a denial of service (DoS). The CVE entry attributes the CPU consumption to sshd's protocol 1 CRC compensation attack detector processing a crafted packet.

This issue is also referenced in the following document:

    CVE-2006-4924 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924

Contributing Factors

This issue can occur in the following releases:

SPARC Platform
x86 Platform
Notes:
A command such as the following can be used to determine if the sshd daemon is running on a host:

    $ pgrep sshd || echo "sshd not running"

To determine if sshd is configured to use version 1 of the protocol, a command such as the following can be used to list the configured protocols from the default configuration file (see sshd_config(4)):

    $ grep Protocol /etc/ssh/sshd_config
    Protocol 2,1

If '1' is included in the list of configured protocols, or if no 'Protocol' line is found (the default setting is '2,1'), then the host is potentially affected by this issue. Note that the grep above also matches commented-out lines such as '# Protocol 2'; only the first uncommented 'Protocol' line counts, since sshd uses the first value it finds for a keyword. Note also that for protocol version 1 to actually be supported, the host must be provided with a compatible (RSA1) host key via the HostKey directive; see sshd_config(4) for more details.

Symptoms

If this issue is exploited to cause a denial of service on the host, one or more sshd processes will be running and consuming an unusually large percentage of CPU time. In addition, the host itself may be generally unresponsive. To determine the CPU usage of the processes running on the system, a command such as the following can be used; it sorts the running processes by CPU consumption in descending order:

    $ prstat -s cpu
    [...]

Workaround

To work around the described issue, sites may choose to disable version 1 of the protocol by removing '1' from the list of supported protocols in the /etc/ssh/sshd_config file (see sshd_config(4)), e.g.:

    $ grep Protocol /etc/ssh/sshd_config
    Protocol 2

and then restart the sshd daemon:

For Solaris 9:

    # /etc/init.d/sshd stop ; /etc/init.d/sshd start

For Solaris 10:

    # svcadm restart ssh

Restarting the daemon only replaces the listening process; sessions already established are not dropped. After the change, clients that support only protocol version 1 will no longer be able to connect.

Resolution

This issue is addressed in the following releases (the patch identifiers are listed under References below):

SPARC Platform
x86 Platform
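The checks from the Notes section and the change from the Workaround section, written as an added /bin/sh example that is not part of the original Sun Alert. It takes the path of an sshd_config file as an argument rather than assuming /etc/ssh/sshd_config, treats a missing 'Protocol' line as the default '2,1', ignores commented-out lines, and goes slightly beyond the text by also checking whether a HostKey directive points at a usable protocol-1 key. The function names, the backup-file suffix, the RSA1 key-header check and the awk/grep path notes are this example's assumptions, not something the advisory states.

```sh
#!/bin/sh
# Added example; not part of Sun Alert 201264.  Implements the checks from
# the Notes section and the change from the Workaround section against an
# sshd_config file given as an argument, following the rules stated there:
#   - a 'Protocol' line containing '1' enables protocol 1;
#   - no 'Protocol' line means the default '2,1', which also enables it;
#   - protocol 1 is only usable if a protocol-1 host key is configured.
# Needs a POSIX awk (with tolower()) and grep -q; on Solaris 9/10 that means
# /usr/xpg4/bin/awk (or nawk) and /usr/xpg4/bin/grep (assumed paths).

# Print the effective 'Protocol' value.  Keywords are case-insensitive and
# sshd uses the first uncommented occurrence, so awk exits on first match.
effective_protocols() {
    p=$(awk 'tolower($1) == "protocol" { print $2; exit }' "$1")
    if [ -n "$p" ]; then printf '%s\n' "$p"; else printf '2,1\n'; fi
}

# Succeed (exit 0) when '1' is one of the comma-separated protocols.
protocol1_enabled() {
    case ",$(effective_protocols "$1")," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Succeed when at least one HostKey directive names a readable protocol-1
# (RSA1) private key.  Such keys begin with the fixed header checked below;
# reading them normally requires root.  The advisory does not name the key
# file or its format, so this header check is this example's assumption.
v1_hostkey_present() {
    for k in $(awk 'tolower($1) == "hostkey" { print $2 }' "$1"); do
        [ -r "$k" ] || continue
        if head -n 1 "$k" 2>/dev/null | grep -q '^SSH PRIVATE KEY FILE FORMAT 1\.1'; then
            return 0
        fi
    done
    return 1
}

# Apply the workaround: rewrite every uncommented 'Protocol' line to
# 'Protocol 2' (a duplicate later in the file would be ignored by sshd, but
# is rewritten too so nothing re-enables v1) and append one if none exists.
# A backup copy is kept beside the file; the suffix is an assumption.
disable_protocol1() {
    cfg=$1
    bak="$cfg.pre-protocol2"
    cp "$cfg" "$bak"
    awk 'tolower($1) == "protocol" { print "Protocol 2"; seen = 1; next }
         { print }
         END { if (!seen) print "Protocol 2" }' "$bak" > "$cfg"
}

# Print the restart command the advisory gives for a given `uname -r` value.
sshd_restart_command() {
    case $1 in
        5.9)  printf '%s\n' '/etc/init.d/sshd stop ; /etc/init.d/sshd start' ;;
        5.10) printf '%s\n' 'svcadm restart ssh' ;;
        *)    printf 'unsupported release: %s\n' "$1" >&2; return 1 ;;
    esac
}

# Whole-host usage (run as root so the host key files are readable):
#   if protocol1_enabled /etc/ssh/sshd_config && v1_hostkey_present /etc/ssh/sshd_config; then
#       echo "protocol 1 is live; apply the workaround"
#   fi
#   disable_protocol1 /etc/ssh/sshd_config && eval "$(sshd_restart_command "$(uname -r)")"
```

A host whose config lists '1' but has no RSA1 host key is reported by protocol1_enabled but not by v1_hostkey_present; it is still worth fixing, since adding a key later would silently expose the issue.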
Modification History

Date: 21-JUN-2007
Date: 26-JUN-2007
Date: 29-JUN-2007
References

    123324-03
    123325-03
    113273-15
    114858-12

Attachments

This solution has no attachment.