
Prevent ssh connection slot DoS: CVE-2010-5107

Posted: 08 Aug 2013, 18:35
by colinm
Is there some way that CSF can be used to effectively prevent the attack described in CVE-2010-5107? I'm not overly concerned about this issue (it *has* existed for 11 years, after all) but the third-party company that does security scans for PCI compliance wants it resolved. The suggested solution is to upgrade OpenSSH to 6.2 to use a new feature that mitigates this risk, but 6.2 is very new and there are no readily available packages for it on my distro (Debian Squeeze). So since I am already using CSF, I was wondering if there was a way to use CSF for this.

Does CSF count a timed-out login as a failed login attempt? If so, then CSF already does mitigate this to an extent.

Thanks,
Colin

Re: Prevent ssh connection slot DoS: CVE-2010-5107

Posted: 08 Aug 2013, 20:41
by colinm
Actually, Debian shows that this vulnerability was "fixed" in the latest 5.5 version on Squeeze. Am still curious, though, if a timeout on login command counts as a failed login attempt.