[Forgot Password]
Login  Register Subscribe

23631

 
 

127000

 
 

102010

 
 

909

 
 

81059

 
 

123

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2006-5051Date: (C)2006-09-27   (M)2018-02-19


Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score  : CVSS Score  : 9.3
Exploit Score: Exploit Score: 8.6
Impact Score : Impact Score : 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: COMPLETE
Scope: Integrity: COMPLETE
Confidentiality: Availability: COMPLETE
Integrity:  
Availability:  
  





Reference:
SECTRACK-1016940
20061001-01-P
BID-20241
SECUNIA-22158
SECUNIA-22173
SECUNIA-22183
SECUNIA-22196
SECUNIA-22208
SECUNIA-22236
SECUNIA-22245
SECUNIA-22270
SECUNIA-22352
SECUNIA-22362
SECUNIA-22487
SECUNIA-22495
SECUNIA-22823
SECUNIA-22926
SECUNIA-23680
SECUNIA-24479
SECUNIA-24799
SECUNIA-24805
OSVDB-29264
ADV-2006-4018
ADV-2006-4329
ADV-2007-0930
ADV-2007-1332
APPLE-SA-2007-03-13
DSA-1189
DSA-1212
FreeBSD-SA-06:22
FreeBSD-SA-06:22.openssh
GLSA-200611-06
IAVM:2012-A-0136
MDKSA-2006:179
OpenPKG-SA-2006.022
RHSA-2006:0697
RHSA-2006:0698
SSA:2006-272-02
SUSE-SA:2006:062
TA07-072A
USN-355-1
VU#851340
http://www.openbsd.org/errata.html#ssh
http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html
http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html
http://docs.info.apple.com/article.html?artnum=305214
http://openssh.org/txt/release-4.4
http://sourceforge.net/forum/forum.php?forum_id=681763
http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm
http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf
http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
openssh-signal-handler-race-condition(29254)

CPE    56
cpe:/a:openbsd:openssh:1.2.3
cpe:/a:openbsd:openssh:1.2.2
cpe:/a:openbsd:openssh:1.2.1
cpe:/a:openbsd:openssh:3.7.1p2
...
CWE    1
CWE-362
OVAL    1
oval:org.mitre.oval:def:8085

© 2013 SecPod Technologies