Search for vulnerabilities
Vulnerability details: VCID-fapz-3gfs-aaaq
Vulnerability ID VCID-fapz-3gfs-aaaq
Aliases CVE-2004-2069
Summary sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).
Status Published
Exploitability 0.5
Weighted Severity 4.5
Risk 2.2
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Low https://access.redhat.com/errata/RHSA-2005:550
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04299 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.04787 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.0485 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.06142 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.07345 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.07345 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.07345 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.07345 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.07345 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.07345 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.07345 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.07345 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.07345 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.07345 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.07345 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.07345 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.07345 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.07345 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
epss 0.07345 https://api.first.org/data/v1/epss?cve=CVE-2004-2069
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1617421
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2004-2069
Reference id Reference type URL
http://marc.info/?l=openssh-unix-dev&m=107520317020444&w=2
http://marc.info/?l=openssh-unix-dev&m=107529205602320&w=2
http://rhn.redhat.com/errata/RHSA-2005-550.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-2069.json
https://api.first.org/data/v1/epss?cve=CVE-2004-2069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2069
http://secunia.com/advisories/17000
http://secunia.com/advisories/17135
http://secunia.com/advisories/17252
http://secunia.com/advisories/22875
http://secunia.com/advisories/23680
https://exchange.xforce.ibmcloud.com/vulnerabilities/20930
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11541
http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf
http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf
http://www.osvdb.org/16567
http://www.securityfocus.com/archive/1/425397/100/0/threaded
http://www.securityfocus.com/archive/1/451404/100/0/threaded
http://www.securityfocus.com/archive/1/451417/100/200/threaded
http://www.securityfocus.com/archive/1/451426/100/200/threaded
http://www.securityfocus.com/bid/14963
http://www.vmware.com/download/esx/esx-202-200610-patch.html
http://www.vmware.com/download/esx/esx-213-200610-patch.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.vupen.com/english/advisories/2006/4502
1617421 https://bugzilla.redhat.com/show_bug.cgi?id=1617421
cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
CVE-2004-2069 https://nvd.nist.gov/vuln/detail/CVE-2004-2069
RHSA-2005:550 https://access.redhat.com/errata/RHSA-2005:550
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2004-2069
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.87821
EPSS Score 0.04299
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.