COMMAND

    ssh

SYSTEMS AFFECTED

    Systems running ssh (not all :-)

PROBLEM

    "Sean  B.  Hamor" <hamors@litterbox.org>  said  that  he  may have
    found a possible  denial of service  attack for use  against  SSH.
    The attack requires an account on the target machine.

    It seems that when his Windows 95 laptop establishes a  connection
    to  his  Linux  box  via  SSH  and  the  PPP connection drops, all
    processes  that  were   being  controlled  by   the  inbound   SSH
    connection get  zombied out.   If he  establish a  connection  and
    exit/drop the SSH connection, the  Linux box recovers fine.   This
    problem only  occurs when  the PPP  connection drops.   And  guess
    what?   Every single  process that  will be  executed when someone
    logged in at console (init 4) will be zombied out.

SOLUTION

     Killing off the  main sshd will  get rid of  the zombies and  try
     something else than ssh.