文档介绍:OpenSSH复制块远程拒绝服务漏洞危害远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。攻击所需条件攻击者必须访问OpenSSH。漏洞信息OpenSSH是一款流行的加密安全shell应用实现。OpenSSH不正确处理进入的复制块数据,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。当OpenSSH启用ssh协议版本1时,处理复制块(duplicatedbloack)数据存在问题,可导致服务器消耗大量cpu时间,直至到达特定的超时设置,重复提交此类通信,可导致拒绝服务攻击。目前没有详细漏洞细节提供。厂商解决方案2006-9-16日的cvs库已经修正此问题:-bin/cvsweb/src/.diff?r1=&r2=&sortby=date&f=h-bin/cvsweb/src/.diff?r1=&r2=&sortby=date&f=h-bin/cvsweb/src/.diff?r1=&r2=&sortby=date&f=h漏洞提供者TavisOrmandyoftheGoogleSecurityTeamDifffor/src/.,2006/08/0304:34:,2006/09/1620:53:37Line30Line30#include""#include""#include""#include""/**CRCattackdetectionhasaworst-casebehaviourthatisO(N^3)over**exploitedtocreatealimiteddenialofserviceattack.**However,becausewearedealingwithencrypteddata,identical*urevery2^35maximally-sizedpacketsorso.*Consequently,wecandetectthisDoSbylookingforidenticalblocks*inapacket.**Theparameterbelowdetermineshowmanyidenticalblockswewill*acceptinasinglepacket,tradingoffbetweenattackdetectionand**correspondstoanaverageof2^40messagesbeforeanattackis*misdetected*/#defineMAX_IDENTICAL32/*SSHConstants*//*SSHConstants*/#defineSSH_MAXBLOCKS(32*1024)#define