Security Alert: Debian OpenSSH fix - Denial of Service | ...::: Guatewireless.org ::::..

Debian and Security fher98 on 17 Sep 2008 11:12 am

Security Alert: Debian OpenSSH fix - Denial of Service

The Debian Linux project has made available to the community security updates for Open SSH. The package of OpenSSH has a DoS vulnerability in its signal handler. It has been discovered that the signal handler implemented in the login timeout in the Debian version of OpenSSH server uses functions that are not safe asyncronicas signals (async-signal-safe), which leads to a denial of service vulnerability.

Systems affected by this problem suffer from various processes at sshd zombie state. Over time, a sufficient number of processes that may accumulate in such a way that other access attempts are impossible. The presence of these processes does not indicate active exploitation of this vulnerability.

Package: openssh
Vulnerability: remote
Problem type: unsafe signal handler
Debian-specific: no
CVE Id (s): CVE-2008-4109
Debian Bug: 498678

As solve this problem?

We enter as root and type the following commands to update the database Internet, followed by the installation of the packages are fixed:

  deathbian: ~ # apt-get update 
  deathbian: ~ # apt-get upgrade

Popularity: 1% [?]

Trackback URI | Comments RSS

Your opinions, questions and links to this article are welcome ;-)

Recent Articles:

How to add your mail from Hotmail, Yahoo! to your accounts Outlook - December 12, 2008
The Free Software Foundation has sued to CISCO Systems - December 11, 2008
AmaroK 2.0 Launched - December 10, 2008
Linux: You have to use twice the amount of RAM space Swap - December 10, 2008
The best tools to use iPod on Linux or Windows - December 8, 2008
Vsftp KERBEROS_V4 rejected as an authentication type - December 4, 2008
MySQL: Recovering the root password in 5 steps - December 4, 2008
MySQL: How to change the root server database - December 2, 2008
MySQL: Optimize the performance of reading - November 28, 2008
Linux: Installation and Configuration of the NIC D-Link DGE-530T 10/100/1000 Gigabit Desktop PCI Adapter - November 27, 2008
Fedora Linux Launched 10 - November 25, 2008
Amarok: Migration of the SQLite database to Mysql 5 - November 24, 2008
DRBD on how to install Debian Linux Ubuntu - November 24, 2008
Atheros Wireless NIC configured with MadWifi on Ubuntu - November 21, 2008
We have come to Post 200 - November 19, 2008
Installing PHP on the command line - November 19, 2008
Download Flash Player beta version for 64 bits - November 18, 2008
ComFusion Linux 2.0 Released - November 13, 2008
Quick Install Squid - November 12, 2008
Linux - Find and delete files on the file system - November 11, 2008
BIND serial number - November 11, 2008
The cycle of Ubuntu 9.04 Jaunty Jackalope starts - November 10, 2008
Tools Top 50 owners and their Alternatives Opensource - November 10, 2008
Amarok: Module Python Kdecore - November 5, 2008
What is the speed in MHz RAM PC2700, PC3200, PC3500, PC4000 - November 4, 2008