OpenSSH CVE-2010-5107 Denial of Service Vulnerability
BID:58162
Info
| Bugtraq ID: | 58162 |
| Class: | Design Error |
| CVE: | CVE-2010-5107 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 09 2013 12:00AM |
| Updated: | Jul 05 2016 09:32PM |
| Credit: | Nico Golde |
Vulnerable:
- Sun Solaris 9
- Red Hat Enterprise Virtualization Hypervisor for RHEL 6 0
- Red Hat Enterprise Linux Workstation Optional 6
- Red Hat Enterprise Linux Workstation 6
- Red Hat Enterprise Linux Server Optional 6
- Red Hat Enterprise Linux Server 6
- Red Hat Enterprise Linux HPC Node Optional 6
- Red Hat Enterprise Linux HPC Node 6
- Red Hat Enterprise Linux Desktop Optional 6
- Red Hat Enterprise Linux Desktop 6
- Oracle Enterprise Linux 6.2
- Oracle Enterprise Linux 6
- Oracle Enterprise Linux 5
- OpenSSH OpenSSH 2.9.9
- OpenSSH OpenSSH 2.9
- OpenSSH OpenSSH 2.5.2
- OpenSSH OpenSSH 2.5.1
- OpenSSH OpenSSH 2.5
- OpenSSH OpenSSH 2.3
- OpenSSH OpenSSH 2.2
- OpenSSH OpenSSH 2.1.1
- OpenSSH OpenSSH 2.1
- OpenSSH OpenSSH 1.2.3
- OpenSSH OpenSSH 1.2.2
- MandrakeSoft Enterprise Server 5 x86_64
- MandrakeSoft Enterprise Server 5
- IBM AIX 7.1
- IBM AIX 6.1
- IBM AIX 5.3
- HP Virtual Connect Enterprise Manager 6.2
- HP Virtual Connect Enterprise Manager 6.1
- HP Virtual Connect Enterprise Manager 6.0
- HP Version Control Agent 2.1.5
- HP Systems Insight Manager 7.0
- HP Systems Insight Manager 6.3
- HP Systems Insight Manager 6.2
- HP Systems Insight Manager 6.1
- HP Systems Insight Manager 6.0
- HP Systems Insight Manager 5.3
- HP Systems Insight Manager 5.0
- HP Systems Insight Manager 4.2
- HP System Management Homepage 6.2.2 7
- HP System Management Homepage 3.0.2 .77
- HP System Management Homepage 3.0 .68
- HP System Management Homepage 3.0 .64
- HP System Management Homepage 2.2.9 .1
- HP System Management Homepage 2.2.8
- HP System Management Homepage 2.2.6
- HP System Management Homepage 2.1.12
- HP System Management Homepage 2.1.11
- HP System Management Homepage 2.1.10
- HP System Management Homepage 2.1.9
- HP System Management Homepage 2.1.8
- HP System Management Homepage 2.1.7
- HP System Management Homepage 2.1.6
- HP System Management Homepage 2.1.5
- HP System Management Homepage 2.1.4
- HP System Management Homepage 2.1.3
- HP System Management Homepage 2.1.2
- HP System Management Homepage 2.1.1
- HP System Management Homepage 2.1
- HP System Management Homepage 2.0.2
- HP System Management Homepage 2.0.1
- HP System Management Homepage 2.0
- HP System Management Homepage 7.0
- HP System Management Homepage 6.3
- HP System Management Homepage 6.2
- HP System Management Homepage 6.0
- HP Insight Orchestration 6.2
- HP Insight Orchestration 6.1
- HP Insight Orchestration 6.0
- HP HP-UX Secure Shell A.04.70.005 0
- HP HP-UX Secure Shell A.04.70.004 0
- HP HP-UX Secure Shell A.04.70.003 0
- HP HP-UX Secure Shell A.04.30.007 0
- HP HP-UX Secure Shell A.03.10.002
- HP HP-UX Secure Shell A.03.10
- Gentoo Linux
- Avaya Aura Experience Portal 6.0
| Not Vulnerable: | |
Discussion
OpenSSH is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows remote attackers to trigger denial-of-service conditions.
Exploit / POC
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
MandrakeSoft Enterprise Server 5
- Mandriva openssh-5.1p1-2.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva openssh-askpass-5.1p1-2.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva openssh-askpass-common-5.1p1-2.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva openssh-askpass-gnome-5.1p1-2.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva openssh-clients-5.1p1-2.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva openssh-server-5.1p1-2.3mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
References
References:
- CVE-2010-5107 Denial of Service vulnerability in ssh (Oracle)
- Bug 908707 - CVE-2010-5107 openssh: Prevent connection slot exhaustion attacks (Red Hat)
- OpenSSH Homepage (OpenSSH)
- openssh security, bug fix, and enhancement update (RHSA-2013-1591) (Avaya)
- openssh: CVE-2010-5107 trivial DoS due to default configuration (Nico Golde)
- Re: CVE id request: openssh (Nico Golde)
- Security Bulletin: Flex System Manager (FSM) vulnerability allows a denial of se (IBM)
- 2014-11 Security Bulletin: Network and Security Manager NSM Appliances: Multiple (Juniper)
- HPSBMU03396 rev.1 - HP Version Control Repository Manager (VCRM) on Windows and (Seclist)
- HPSBUX02886 rev.1 - HP-UX Running HP Secure Shell, Remote Denial of Service (DoS (HP)
- IBM System x and Flex Systems OpenSSH Vulnerabilities (IBM)
- Oracle Critical Patch Update Advisory - January 2015 Oracle Advisory (Oracle)
- Security Bulletin: AIX OpenSSH Vulnerability (CVE-2010-5107) (IBM)
- Security Bulletin: IBM Security Access Manager for Web - Potential Denial of Ser (IBM)
- Xerox Security Bulletin XRX13-007 (Xerox)