CVE-2010-5107
'The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.'
ClearCenter response
Short response
Mitigated with active Intrusion Prevention enabled.
Long response
While this DoS issue can affect ClearOS, the risk to the system is low when Intrusion Prevention services are running and receiving active Intrusion Prevention updates. These services watch for repetitive connections and block the attempts.
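The kind of check described above, as an added example (not ClearOS, Intrusion Prevention or OpenSSH code): it counts new sshd connections per source address in a sliding time window and reports the sources that exceed a threshold. The log lines are constructed, and the line format, the 5-connection threshold, the 10-second window and the year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (not from a real system). The line format is an
# assumption modelled on sshd "Connection from <addr> port <n>" messages.
SAMPLE_LOG = "\n".join(
    # One source opening 8 connections in 8 seconds.
    [f"Dec 22 11:30:{s:02d} gw sshd[{2100 + s}]: Connection from 203.0.113.5 port {40000 + s}"
     for s in range(8)]
    # A scheduled job connecting every 30 seconds.
    + [f"Dec 22 11:{30 + i // 2}:{(i % 2) * 30:02d} gw sshd[{2200 + i}]: "
       f"Connection from 192.0.2.10 port {50000 + i}" for i in range(6)]
    # An ordinary user: two connections, one successful login in between.
    + ["Dec 22 11:30:02 gw sshd[2301]: Connection from 198.51.100.7 port 51000",
       "Dec 22 11:30:03 gw sshd[2301]: Accepted publickey for admin from 198.51.100.7 port 51000 ssh2",
       "Dec 22 11:31:30 gw sshd[2302]: Connection from 198.51.100.7 port 51044"]
)

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Connection from (\S+) port \d+")

def repeat_connectors(log_text, max_conns=5, window_s=10, year=2014):
    """Return {source: peak count} for sources that opened more than
    max_conns connections within any window_s-second span.
    Lines are assumed to be in time order for each source; syslog
    timestamps carry no year, so one is supplied (assumption)."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    peaks = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not a new-connection event
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        src = m.group(2)
        q = recent[src]
        q.append(ts)
        # Drop connections that have aged out of the window.
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > max_conns:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

if __name__ == "__main__":
    for src, peak in repeat_connectors(SAMPLE_LOG).items():
        print(f"{src}: {peak} connections within 10 s, candidate for blocking")
```

The slow periodic source and the ordinary user stay below the threshold; only the source that opens connections in a tight burst is reported.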
Resolution
Install, enable and subscribe to Intrusion Prevention and Intrusion Prevention updates.
Links
content/en_us/announcements_cve_cve-2010-5107.txt · Last modified: 2014/12/22 11:31 by dloper