Fluid Attacks Database

Description

The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	openssh	>=0 <1:6.0p1-4	1:6.0p1-4
debian 11	openssh	>=0 <1:6.0p1-4	1:6.0p1-4
debian 12	openssh	>=0 <1:6.0p1-4	1:6.0p1-4
debian 14	openssh	>=0 <1:6.0p1-4	1:6.0p1-4
rpm rhel5	openssh	-	-
rpm rhel6	openssh	<0:5.3p1-94.el6	0:5.3p1-94.el6

Aliases

1. CVE-2010-51072. NVD-2010-51073. OSV-DEBIAN-2010-51074. OSV-2010-51075. SECURITY-TRACKER-CVE-2010-5107

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.