CVE 2006-4925
'packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.'
ClearCenter response
Short response
ClearCenter does not consider this a security issue.
Long response
This bug affects the OpenSSH client and not the server. This can cause the client to crash when connecting to a malicious server. This is not a denial of service condition.
Resolution
No action required.
Links
content/en_us/announcements_cve_cve-2006-4925.txt · Last modified: 2014/12/22 10:12 by dloper