CVE-2004-2069
MEDIUMEPSS 87th pctlDescription
sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).
How to fix
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v2 Vector
No CVSS vector data available.
Exploit Intelligence
Elevated risk: more likely to be exploited than 87% of all known CVEs.
References
- marc.info
- marc.info
- rhn.redhat.com
- secunia.com
- secunia.com
- secunia.com
- secunia.com
- secunia.com
- support.avaya.com
- support.avaya.com
- osvdb.org
- securityfocus.com
- securityfocus.com
- securityfocus.com
- securityfocus.com
- securityfocus.com
- vmware.com
- vmware.com
- vmware.com
- vmware.com
- vupen.com
- exchange.xforce.ibmcloud.com
- oval.cisecurity.org
Embed a live status badge for CVE-2004-2069
Markdown
[](https://tridentstack.com/cve/CVE-2004-2069)HTML
<a href="https://tridentstack.com/cve/CVE-2004-2069"><img src="https://tridentstack.com/cve/badge/CVE-2004-2069.svg" alt="CVE-2004-2069"></a>Find and fix vulnerabilities across your fleet
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start freeThis product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-04-16.