National Cyber-Alert System
Vulnerability Summary for CVE-2006-5051
Original release date:09/27/2006
Last revised:09/05/2008
Source:
US-CERT/NIST
Overview
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
Impact
CVSS Severity (version 2.0):
Impact Subscore:
10.0
Exploitability Subscore:
8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type:Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service
Successful code execution exploitation requires that GSSAPI authentication is enabled.
- Official Statement from Red Hat (03/14/2007)
-
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.
US-CERT Vulnerability Note: VU#851340
Name: VU#851340
US-CERT Technical Alert: TA07-072A
Name: TA07-072A
External Source: XF
Name: openssh-signal-handler-race-condition(29254)
External Source: CONFIRM
Name: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
External Source: CONFIRM
Name: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
External Source: UBUNTU
Name: USN-355-1
External Source: BID
Name: 20241
External Source: REDHAT
Name: RHSA-2006:0698
External Source: REDHAT
Name: RHSA-2006:0697
External Source: OSVDB
Name: 29264
External Source: OPENPKG
Name: OpenPKG-SA-2006.022
External Source: OPENBSD
Name: [2.9] 015: SECURITY FIX: October 12, 2006
External Source: SUSE
Name: SUSE-SA:2006:062
External Source: VUPEN
Name: ADV-2007-1332
External Source: VUPEN
Name: ADV-2007-0930
External Source: VUPEN
Name: ADV-2006-4329
External Source: VUPEN
Name: ADV-2006-4018
External Source: DEBIAN
Name: DSA-1212
External Source: DEBIAN
Name: DSA-1189
External Source: CONFIRM
Name: http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf
External Source: CONFIRM
Name: http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf
External Source: MLIST
Name: [security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability
External Source: CONFIRM
Name: http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm
External Source: SLACKWARE
Name: SSA:2006-272-02
External Source: SECTRACK
Name: 1016940
External Source: GENTOO
Name: GLSA-200611-06
External Source: FREEBSD
Name: FreeBSD-SA-06:22
External Source: SECUNIA
Name: 24805
External Source: SECUNIA
Name: 24479
External Source: SECUNIA
Name: 23680
External Source: SECUNIA
Name: 22926
External Source: SECUNIA
Name: 22823
External Source: SECUNIA
Name: 22495
External Source: SECUNIA
Name: 22487
External Source: SECUNIA
Name: 22362
External Source: SECUNIA
Name: 22352
External Source: SECUNIA
Name: 22270
External Source: SECUNIA
Name: 22245
External Source: SECUNIA
Name: 22236
External Source: SECUNIA
Name: 22208
External Source: SECUNIA
Name: 22196
External Source: SECUNIA
Name: 22183
External Source: SECUNIA
Name: 22173
External Source: SECUNIA
Name: 22158
External Source: CONFIRM
Name: http://openssh.org/txt/release-4.4
External Source: MLIST
Name: [openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released
External Source: MLIST
Name: [freebsd-security] 20061002 FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
External Source: MANDRIVA
Name: MDKSA-2006:179
External Source: CONFIRM
Name: http://docs.info.apple.com/article.html?artnum=305214
External Source: SGI
Name: 20061001-01-P
External Source: FREEBSD
Name: FreeBSD-SA-06:22.openssh
External Source: MANDRIVA
Name: MDKSA-2006:179
External Source: CONFIRM
Name: http://sourceforge.net/forum/forum.php?forum_id=681763
External Source: SECUNIA
Name: 24799
External Source: APPLE
Name: APPLE-SA-2007-03-13