author simon <simon@FreeBSD.org> 2006-10-08 14:51:43 +0800
committer simon <simon@FreeBSD.org> 2006-10-08 14:51:43 +0800
commit 057cf63b764974b095a8e087dc97dc0dab512fff (patch)
tree 817ec60db86e14a158424374789a0e40be94d1cb /security
parent 4f07e3aa87f3cc63e9bf1869f4afca45ee429c17 (diff)
Fix whitespace in openssh -- multiple vulnerabilities entry, which I
originally missed.
Diffstat (limited to 'security')
-rw-r--r-- security/vuxml/vuln.xml 34
1 files changed, 17 insertions, 17 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index e2c76187f107..86f74e28d811 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -608,13 +608,13 @@ Note: Please add new entries to the beginning of this file.
<topic>openssh -- multiple vulnerabilities</topic>
<affects>
<system>
- <name>FreeBSD</name>
- <range><ge>6.1</ge><lt>6.1_10</lt></range>
- <range><ge>6.0</ge><lt>6.0_15</lt></range>
- <range><ge>5.5</ge><lt>5.5_8</lt></range>
- <range><ge>5.4</ge><lt>5.4_22</lt></range>
- <range><ge>5.0</ge><lt>5.3_37</lt></range>
- <range><lt>4.11_25</lt></range>
+ <name>FreeBSD</name>
+ <range><ge>6.1</ge><lt>6.1_10</lt></range>
+ <range><ge>6.0</ge><lt>6.0_15</lt></range>
+ <range><ge>5.5</ge><lt>5.5_8</lt></range>
+ <range><ge>5.4</ge><lt>5.4_22</lt></range>
+ <range><ge>5.0</ge><lt>5.3_37</lt></range>
+ <range><lt>4.11_25</lt></range>
</system>
<package>
<name>openssh</name>
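Review bot: In the `<system>` block the removed and added `<name>` and `<range>` lines carry the same text and differ only in leading whitespace, so this hunk should change nothing about which FreeBSD releases the entry flags. Since these six ranges are what consumers match installed versions against, please confirm that a whitespace-insensitive diff of this hunk is empty and that vuln.xml still validates after the change. The commit message could also say which indentation convention the entry is being brought in line with, so later edits to this entry follow it.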
@@ -630,23 +630,23 @@ Note: Please add new entries to the beginning of this file.
<h1>Problem Description</h1>
<p>The CRC compensation attack detector in the sshd(8) daemon,
upon receipt of duplicate blocks, uses CPU time cubic in the
- number of duplicate blocks received. [CVE-2006-4924]</p>
+ number of duplicate blocks received. [CVE-2006-4924]</p>
<p>A race condition exists in a signal handler used by the
sshd(8) daemon to handle the LoginGraceTime option, which
can potentially cause some cleanup routines to be executed
multiple times. [CVE-2006-5051]</p>
<h1>Impact</h1>
<p>An attacker sending specially crafted packets to sshd(8)
- can cause a Denial of Service by using 100% of CPU time
- until a connection timeout occurs. Since this attack can be
- performed over multiple connections simultaneously, it is
- possible to cause up to MaxStartups (10 by default) sshd
- processes to use all the CPU time they can obtain.
- [CVE-2006-4924]</p>
+ can cause a Denial of Service by using 100% of CPU time
+ until a connection timeout occurs. Since this attack can be
+ performed over multiple connections simultaneously, it is
+ possible to cause up to MaxStartups (10 by default) sshd
+ processes to use all the CPU time they can obtain.
+ [CVE-2006-4924]</p>
<p>The OpenSSH project believe that the race condition can
- lead to a Denial of Service or potentially remote code
- execution, but the FreeBSD Security Team has been unable to
- verify the exact impact. [CVE-2006-5051]</p>
+ lead to a Denial of Service or potentially remote code
+ execution, but the FreeBSD Security Team has been unable to
+ verify the exact impact. [CVE-2006-5051]</p>
<h1>Workaround</h1>
<p>The attack against the CRC compensation attack detector can
be avoided by disabling SSH Protocol version 1 support in
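Review bot: The re-indentation here covers only the `[CVE-2006-4924]` line in Problem Description and the continuation lines of the two Impact paragraphs, while the continuation lines of the `[CVE-2006-5051]` Problem Description paragraph and of the Workaround paragraph stay as unchanged context. Please check that those untouched lines already use the same indentation, so the entry ends up uniform rather than half converted. Separately, the context line "The OpenSSH project believe that the race condition can" has a subject-verb mismatch ("believes"); that is a content change and is better handled in its own commit than folded into this whitespace-only one.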