[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

247213

 
 

909

 
 

194329

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-5051Date: (C)2006-09-27   (M)2024-02-09


Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.1CVSS Score : 9.3
Exploit Score: 2.2Exploit Score: 8.6
Impact Score: 5.9Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: COMPLETE
Scope: UNCHANGEDIntegrity: COMPLETE
Confidentiality: HIGHAvailability: COMPLETE
Integrity: HIGH 
Availability: HIGH 
  
Reference:
SECTRACK-1016940
20061001-01-P
BID-20241
SECUNIA-22158
SECUNIA-22173
SECUNIA-22183
SECUNIA-22196
SECUNIA-22208
SECUNIA-22236
SECUNIA-22245
SECUNIA-22270
SECUNIA-22352
SECUNIA-22362
SECUNIA-22487
SECUNIA-22495
SECUNIA-22823
SECUNIA-22926
SECUNIA-23680
SECUNIA-24479
SECUNIA-24799
SECUNIA-24805
OSVDB-29264
ADV-2006-4018
ADV-2006-4329
ADV-2007-0930
ADV-2007-1332
APPLE-SA-2007-03-13
DSA-1189
DSA-1212
FreeBSD-SA-06:22
FreeBSD-SA-06:22.openssh
GLSA-200611-06
MDKSA-2006:179
OpenPKG-SA-2006.022
RHSA-2006:0697
RHSA-2006:0698
SSA:2006-272-02
SUSE-SA:2006:062
TA07-072A
USN-355-1
VU#851340
http://www.openbsd.org/errata.html#ssh
http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html
http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html
http://docs.info.apple.com/article.html?artnum=305214
http://openssh.org/txt/release-4.4
http://sourceforge.net/forum/forum.php?forum_id=681763
http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm
http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf
http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
openssh-signal-handler-race-condition(29254)
oval:org.mitre.oval:def:11387

CWE    1
CWE-415
OVAL    1
oval:org.mitre.oval:def:8085

© SecPod Technologies