National Cyber-Alert System

Vulnerability Summary for CVE-2006-5051

Overview

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

Vendor Statments (disclaimer)

Official Statement from Red Hat (03/14/2007)

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#851340

Name: VU#851340

Hyperlink:http://www.kb.cert.org/vuls/id/851340

US-CERT Technical Alert: TA07-072A

Name: TA07-072A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA07-072A.html

External Source: XF

Name: openssh-signal-handler-race-condition(29254)

Hyperlink:http://xforce.iss.net/xforce/xfdb/29254

External Source: CONFIRM

Name: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

Hyperlink:http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

External Source: CONFIRM

Name: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

Hyperlink:http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

External Source: UBUNTU

Name: USN-355-1

Hyperlink:http://www.ubuntu.com/usn/usn-355-1

External Source: BID

Name: 20241

Hyperlink:http://www.securityfocus.com/bid/20241

External Source: REDHAT

Name: RHSA-2006:0698

Hyperlink:http://www.redhat.com/support/errata/RHSA-2006-0698.html

External Source: REDHAT

Name: RHSA-2006:0697

Hyperlink:http://www.redhat.com/support/errata/RHSA-2006-0697.html

External Source: OSVDB

Name: 29264

Hyperlink:http://www.osvdb.org/29264

External Source: OPENPKG

Name: OpenPKG-SA-2006.022

Hyperlink:http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html

External Source: OPENBSD

Name: [2.9] 015: SECURITY FIX: October 12, 2006

Hyperlink:http://www.openbsd.org/errata.html#ssh

External Source: SUSE

Name: SUSE-SA:2006:062

Hyperlink:http://www.novell.com/linux/security/advisories/2006_62_openssh.html

External Source: VUPEN

Name: ADV-2007-1332

Hyperlink:http://www.frsirt.com/english/advisories/2007/1332

External Source: VUPEN

Name: ADV-2007-0930

Hyperlink:http://www.frsirt.com/english/advisories/2007/0930

External Source: VUPEN

Name: ADV-2006-4329

Hyperlink:http://www.frsirt.com/english/advisories/2006/4329

External Source: VUPEN

Name: ADV-2006-4018

Hyperlink:http://www.frsirt.com/english/advisories/2006/4018

External Source: DEBIAN

Name: DSA-1212

Hyperlink:http://www.debian.org/security/2006/dsa-1212

External Source: DEBIAN

Name: DSA-1189

Hyperlink:http://www.debian.org/security/2006/dsa-1189

External Source: CONFIRM

Name: http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf

Hyperlink:http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf

External Source: CONFIRM

Name: http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf

Hyperlink:http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf

External Source: MLIST

Name: [security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability

Hyperlink:http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm

External Source: SLACKWARE

Name: SSA:2006-272-02

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566

External Source: SECTRACK

Name: 1016940

Hyperlink:http://securitytracker.com/id?1016940

External Source: GENTOO

Name: GLSA-200611-06

Hyperlink:http://security.gentoo.org/glsa/glsa-200611-06.xml

External Source: FREEBSD

Name: FreeBSD-SA-06:22

Hyperlink:http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc

External Source: SECUNIA

Name: 24805

Hyperlink:http://secunia.com/advisories/24805

External Source: SECUNIA

Name: 24479

Hyperlink:http://secunia.com/advisories/24479

External Source: SECUNIA

Name: 23680

Hyperlink:http://secunia.com/advisories/23680

External Source: SECUNIA

Name: 22926

Hyperlink:http://secunia.com/advisories/22926

External Source: SECUNIA

Name: 22823

Hyperlink:http://secunia.com/advisories/22823

External Source: SECUNIA

Name: 22495

Hyperlink:http://secunia.com/advisories/22495

External Source: SECUNIA

Name: 22487

Hyperlink:http://secunia.com/advisories/22487

External Source: SECUNIA

Name: 22362

Hyperlink:http://secunia.com/advisories/22362

External Source: SECUNIA

Name: 22352

Hyperlink:http://secunia.com/advisories/22352

External Source: SECUNIA

Name: 22270

Hyperlink:http://secunia.com/advisories/22270

External Source: SECUNIA

Name: 22245

Hyperlink:http://secunia.com/advisories/22245

External Source: SECUNIA

Name: 22236

Hyperlink:http://secunia.com/advisories/22236

External Source: SECUNIA

Name: 22208

Hyperlink:http://secunia.com/advisories/22208

External Source: SECUNIA

Name: 22196

Hyperlink:http://secunia.com/advisories/22196

External Source: SECUNIA

Name: 22183

Hyperlink:http://secunia.com/advisories/22183

External Source: SECUNIA

Name: 22173

Hyperlink:http://secunia.com/advisories/22173

External Source: SECUNIA

Name: 22158

Hyperlink:http://secunia.com/advisories/22158

External Source: CONFIRM

Name: http://openssh.org/txt/release-4.4

Hyperlink:http://openssh.org/txt/release-4.4

External Source: MLIST

Name: [openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released

Hyperlink:http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=115939141729160&w=2

External Source: MLIST

Name: [freebsd-security] 20061002 FreeBSD Security Advisory FreeBSD-SA-06:22.openssh

Hyperlink:http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html

External Source: MANDRIVA

Name: MDKSA-2006:179

Hyperlink:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:179

External Source: CONFIRM

Name: http://docs.info.apple.com/article.html?artnum=305214

Hyperlink:http://docs.info.apple.com/article.html?artnum=305214

External Source: SGI

Name: 20061001-01-P

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

External Source: FREEBSD

Name: FreeBSD-SA-06:22.openssh

Hyperlink:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc

External Source: MANDRIVA

Name: MDKSA-2006:179

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2006:179

External Source: CONFIRM

Name: http://sourceforge.net/forum/forum.php?forum_id=681763

Hyperlink:http://sourceforge.net/forum/forum.php?forum_id=681763

External Source: SECUNIA

Name: 24799

Hyperlink:http://secunia.com/advisories/24799

External Source: APPLE

Name: APPLE-SA-2007-03-13

Hyperlink:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html