Search for vulnerabilities
Vulnerability details: VCID-6qqj-ptw1-aaam
Vulnerability ID VCID-6qqj-ptw1-aaam
Aliases CVE-2008-4109
Summary A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.
Status Published
Exploitability 0.5
Weighted Severity 4.5
Risk 2.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-264 Permissions, Privileges, and Access Controls
System Score Found at
epss 0.00846 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01112 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.01573 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
epss 0.07613 https://api.first.org/data/v1/epss?cve=CVE-2008-4109
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2008-4109
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498678
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-4109.json
https://api.first.org/data/v1/epss?cve=CVE-2008-4109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4109
http://secunia.com/advisories/31885
http://secunia.com/advisories/32080
http://secunia.com/advisories/32181
https://exchange.xforce.ibmcloud.com/vulnerabilities/45202
http://www.debian.org/security/2008/dsa-1638
http://www.openwall.com/lists/oss-security/2024/07/01/3
http://www.securitytracker.com/id?1020891
http://www.ubuntu.com/usn/usn-649-1
CVE-2008-4109 https://nvd.nist.gov/vuln/detail/CVE-2008-4109
USN-649-1 https://usn.ubuntu.com/649-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-4109
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.73634
EPSS Score 0.00846
Published At May 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.