Note: This is an archival copy of Security Sun Alert 272629 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021628.1.
Article ID : 1021628.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-12-03
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the Timeout Mechanism of Solaris sshd(1M) may Lead to a Denial of Service (DoS)



Category
Security

Release Phase
Resolved

Bug Id
6868716

Date of Resolved Release
23-Nov-2009

A security vulnerability in the timeout mechanism of Solaris sshd(1M):

1. Impact

A security vulnerability in the timeout mechanism of Solaris sshd(1M) may allow a remote unprivileged user to cause a Denial of Service (DoS) condition. If this issue is exploited, the sshd(1M) daemon will stop accepting new ssh(1) connections.

2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 10 with patch 139555-08 and without patch 143140-01
  • OpenSolaris based upon builds snv_99 through snv_12
    

x86 Platform

  • Solaris 10 with patch 140119-06 or later or with patch 141525-01 through 141525-05 and without patch 141525-06
    
  • OpenSolaris based upon builds snv_99 through snv_123

Notes:

1. Solaris 8 and 9 are not impacted by this issue.

2. This issue only affects systems which are configured to run the SSH service.

The following command can be used to determine if the sshd(1M) daemon is running on a host:

       $ pgrep sshd || echo "sshd not running"
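The patch conditions listed under Contributing Factors can also be checked mechanically. The following is an added example, not part of the original Sun Alert: it reads `showrev -p` output on stdin and classifies a Solaris 10 host using only the patch IDs named on this page. The function names and the sample input are constructed for illustration, and OpenSolaris build numbers are not covered.

```shell
#!/bin/sh
# Added example (not from the Sun Alert): classify a Solaris 10 host against
# the patch conditions in this alert, reading `showrev -p` output on stdin.
# On a real host:  showrev -p | sshd_alert_status "$(uname -p)"

# max_rev ID TEXT: highest installed revision of patch ID (0 if absent).
max_rev() {
    printf '%s\n' "$2" | awk -v id="$1" '
        $1 == "Patch:" { split($2, p, "-"); if (p[1] == id && p[2] + 0 > m) m = p[2] + 0 }
        END { print m + 0 }'
}

# sshd_alert_status ARCH: prints patched | affected | not-affected | unknown-arch
sshd_alert_status() {
    text=$(cat)
    case $1 in
    sparc)
        fix=$(max_rev 143140 "$text")      # resolved by 143140-01 or later
        trig=$(max_rev 139555 "$text")     # the alert names revision 08 only
        if [ "$fix" -ge 1 ]; then echo patched
        elif [ "$trig" -eq 8 ]; then echo affected
        else echo not-affected; fi ;;
    i386)
        r141525=$(max_rev 141525 "$text")  # 01-05 affected, 06 or later fixed
        r140119=$(max_rev 140119 "$text")  # 06 or later affected
        if [ "$r141525" -ge 6 ]; then echo patched
        elif [ "$r140119" -ge 6 ] || [ "$r141525" -ge 1 ]; then echo affected
        else echo not-affected; fi ;;
    *)  echo unknown-arch ;;
    esac
}

# Constructed sample input in `showrev -p` format (not from a real host);
# 999999-01 and PKGexample are placeholders.
SAMPLE_SPARC='Patch: 139555-08 Obsoletes: Requires: Incompatibles: Packages: PKGexample
Patch: 999999-01 Obsoletes: Requires: Incompatibles: Packages: PKGexample'
SAMPLE_X86='Patch: 141525-04 Obsoletes: Requires: Incompatibles: Packages: PKGexample
Patch: 141525-06 Obsoletes: Requires: Incompatibles: Packages: PKGexample'

printf '%s\n' "$SAMPLE_SPARC" | sshd_alert_status sparc
printf '%s\n' "$SAMPLE_X86"   | sshd_alert_status i386
```

A result of `not-affected` means only that none of the triggering patches named in this alert were found; it says nothing about whether the SSH service is enabled.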

3. Symptoms

When the described issue occurs, sshd(1M) on the affected host stops accepting new connections and users attempting to connect remotely may see the following message:

	ssh_exchange_identification: Connection closed by remote host

4. Workaround

There is no workaround for this issue. Please see the Resolution section below.

5. Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 143140-01 or later
  • OpenSolaris based upon builds snv_124 or later

x86 Platform

  • Solaris 10 5/09 (or later) with patch 141525-06 or later
  • OpenSolaris based upon builds snv_124 or later

For more information on Security Sun Alerts, see

Modification History
17-Dec-2009: Updated Contributing Factors section.


Product
Solaris 10 Operating System
OpenSolaris

References

143140-01
141525-06

References

SUNPATCH:141525-06
SUNPATCH:143140-01
