CVE-2006-5051 - Vulnerability Details

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X Mac Os X Server
Debian	Debian Linux
Openbsd	Openssh
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x_server::::::::
	cpe:2.3:o:apple:mac_os_x_server::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
openssh-0:3.1p1-21	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2006:0698	2006-09-29T00:00:00Z
Red Hat Enterprise Linux 3
openssh-0:3.6.1p2-33.30.12	cpe:/o:redhat:enterprise_linux:3	RHSA-2006:0697	2006-09-29T00:00:00Z
Red Hat Enterprise Linux 4
openssh-0:3.9p1-8.RHEL4.17	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0697	2006-09-29T00:00:00Z

References

Link	Providers
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
http://docs.info.apple.com/article.html?artnum=305214
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html
http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
http://openssh.org/txt/release-4.4
http://secunia.com/advisories/22158
http://secunia.com/advisories/22173
http://secunia.com/advisories/22183
http://secunia.com/advisories/22196
http://secunia.com/advisories/22208
http://secunia.com/advisories/22236
http://secunia.com/advisories/22245
http://secunia.com/advisories/22270
http://secunia.com/advisories/22352
http://secunia.com/advisories/22362
http://secunia.com/advisories/22487
http://secunia.com/advisories/22495
http://secunia.com/advisories/22823
http://secunia.com/advisories/22926
http://secunia.com/advisories/23680
http://secunia.com/advisories/24479
http://secunia.com/advisories/24799
http://secunia.com/advisories/24805
http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc
http://security.gentoo.org/glsa/glsa-200611-06.xml
http://securitytracker.com/id?1016940
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566
http://sourceforge.net/forum/forum.php?forum_id=681763
http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm
http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html
http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf
http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf
http://www.debian.org/security/2006/dsa-1189
http://www.debian.org/security/2006/dsa-1212
http://www.kb.cert.org/vuls/id/851340
http://www.mandriva.com/security/advisories?name=MDKSA-2006:179
http://www.novell.com/linux/security/advisories/2006_62_openssh.html
http://www.openbsd.org/errata.html#ssh
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html
http://www.openwall.com/lists/oss-security/2024/07/01/3
http://www.openwall.com/lists/oss-security/2024/07/28/3
http://www.osvdb.org/29264
http://www.redhat.com/support/errata/RHSA-2006-0697.html
http://www.redhat.com/support/errata/RHSA-2006-0698.html
http://www.securityfocus.com/bid/20241
http://www.ubuntu.com/usn/usn-355-1
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
http://www.vupen.com/english/advisories/2006/4018
http://www.vupen.com/english/advisories/2006/4329
http://www.vupen.com/english/advisories/2007/0930
http://www.vupen.com/english/advisories/2007/1332
https://exchange.xforce.ibmcloud.com/vulnerabilities/29254
https://nvd.nist.gov/vuln/detail/CVE-2006-5051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387
https://www.cve.org/CVERecord?id=CVE-2006-5051
https://www.openwall.com/lists/oss-security/2024/07/28/3

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2006-09-27T23:00:00

Updated: 2024-08-07T19:32:23.380Z

Reserved: 2006-09-27T00:00:00

Link: CVE-2006-5051

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-09-27T23:07:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-5051

Redhat

Severity : Important

Publid Date: 2006-09-28T00:00:00Z

Links: CVE-2006-5051 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2006-5051", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-07T19:32:23.380Z", "dateReserved": "2006-09-27T00:00:00", "datePublished": "2006-09-27T23:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-07-29T00:34:17.921429"}, "descriptions": [{"lang": "en", "value": "Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "FreeBSD-SA-06:22", "tags": ["vendor-advisory"], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"}, {"url": "http://sourceforge.net/forum/forum.php?forum_id=681763"}, {"name": "22270", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/22270"}, {"url": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf"}, {"name": "USN-355-1", "tags": ["vendor-advisory"], "url": "http://www.ubuntu.com/usn/usn-355-1"}, {"name": "[freebsd-security] 20061002 FreeBSD Security Advisory FreeBSD-SA-06:22.openssh", "tags": ["mailing-list"], "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html"}, {"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"}, {"name": "oval:org.mitre.oval:def:11387", "tags": ["vdb-entry", "signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387"}, {"url": "http://openssh.org/txt/release-4.4"}, {"name": "24805", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/24805"}, {"name": "VU#851340", "tags": ["third-party-advisory"], "url": "http://www.kb.cert.org/vuls/id/851340"}, {"name": "[2.9] 015: SECURITY FIX: October 12, 2006", "tags": ["vendor-advisory"], "url": "http://www.openbsd.org/errata.html#ssh"}, {"name": "22487", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/22487"}, {"name": "TA07-072A", "tags": ["third-party-advisory"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"url": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf"}, {"name": "GLSA-200611-06", "tags": ["vendor-advisory"], "url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"}, {"name": "SUSE-SA:2006:062", "tags": ["vendor-advisory"], "url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"}, {"name": "22362", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/22362"}, {"name": "23680", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/23680"}, {"name": "APPLE-SA-2007-03-13", "tags": ["vendor-advisory"], "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"name": "22352", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/22352"}, {"name": "ADV-2006-4329", "tags": ["vdb-entry"], "url": "http://www.vupen.com/english/advisories/2006/4329"}, {"name": "22236", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/22236"}, {"name": "24799", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/24799"}, {"name": "ADV-2006-4018", "tags": ["vdb-entry"], "url": "http://www.vupen.com/english/advisories/2006/4018"}, {"name": "22495", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/22495"}, {"name": "openssh-signal-handler-race-condition(29254)", "tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29254"}, {"name": "20241", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/20241"}, {"name": "ADV-2007-1332", "tags": ["vdb-entry"], "url": "http://www.vupen.com/english/advisories/2007/1332"}, {"name": "29264", "tags": ["vdb-entry"], "url": "http://www.osvdb.org/29264"}, {"name": "22823", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/22823"}, {"name": "FreeBSD-SA-06:22.openssh", "tags": ["vendor-advisory"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"}, {"name": "SSA:2006-272-02", "tags": ["vendor-advisory"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566"}, {"name": "RHSA-2006:0697", "tags": ["vendor-advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"}, {"name": "OpenPKG-SA-2006.022", "tags": ["vendor-advisory"], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"}, {"name": "22183", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/22183"}, {"name": "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released", "tags": ["mailing-list"], "url": "http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2"}, {"name": "ADV-2007-0930", "tags": ["vdb-entry"], "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"name": "[security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability", "tags": ["mailing-list"], "url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"}, {"name": "22926", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/22926"}, {"name": "22173", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/22173"}, {"name": "1016940", "tags": ["vdb-entry"], "url": "http://securitytracker.com/id?1016940"}, {"name": "22208", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/22208"}, {"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"}, {"name": "22245", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/22245"}, {"name": "20061001-01-P", "tags": ["vendor-advisory"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"}, {"name": "22196", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/22196"}, {"name": "DSA-1212", "tags": ["vendor-advisory"], "url": "http://www.debian.org/security/2006/dsa-1212"}, {"name": "RHSA-2006:0698", "tags": ["vendor-advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"}, {"name": "22158", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/22158"}, {"name": "MDKSA-2006:179", "tags": ["vendor-advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"}, {"name": "DSA-1189", "tags": ["vendor-advisory"], "url": "http://www.debian.org/security/2006/dsa-1189"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"}, {"name": "24479", "tags": ["third-party-advisory"], "url": "http://secunia.com/advisories/24479"}, {"name": "[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"}, {"name": "[oss-security] 20240728 Re: Announce: OpenSSH 9.8 released", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"}, {"url": "https://www.openwall.com/lists/oss-security/2024/07/28/3"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2006-09-27T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:32:23.380Z"}, "title": "CVE Program Container", "references": [{"name": "FreeBSD-SA-06:22", "tags": ["vendor-advisory", "x_transferred"], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"}, {"url": "http://sourceforge.net/forum/forum.php?forum_id=681763", "tags": ["x_transferred"]}, {"name": "22270", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/22270"}, {"url": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf", "tags": ["x_transferred"]}, {"name": "USN-355-1", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-355-1"}, {"name": "[freebsd-security] 20061002 FreeBSD Security Advisory FreeBSD-SA-06:22.openssh", "tags": ["mailing-list", "x_transferred"], "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html"}, {"url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html", "tags": ["x_transferred"]}, {"name": "oval:org.mitre.oval:def:11387", "tags": ["vdb-entry", "signature", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387"}, {"url": "http://openssh.org/txt/release-4.4", "tags": ["x_transferred"]}, {"name": "24805", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/24805"}, {"name": "VU#851340", "tags": ["third-party-advisory", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/851340"}, {"name": "[2.9] 015: SECURITY FIX: October 12, 2006", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.openbsd.org/errata.html#ssh"}, {"name": "22487", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/22487"}, {"name": "TA07-072A", "tags": ["third-party-advisory", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"url": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf", "tags": ["x_transferred"]}, {"name": "GLSA-200611-06", "tags": ["vendor-advisory", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"}, {"name": "SUSE-SA:2006:062", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"}, {"name": "22362", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/22362"}, {"name": "23680", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/23680"}, {"name": "APPLE-SA-2007-03-13", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"url": "http://docs.info.apple.com/article.html?artnum=305214", "tags": ["x_transferred"]}, {"name": "22352", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/22352"}, {"name": "ADV-2006-4329", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4329"}, {"name": "22236", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/22236"}, {"name": "24799", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/24799"}, {"name": "ADV-2006-4018", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4018"}, {"name": "22495", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/22495"}, {"name": "openssh-signal-handler-race-condition(29254)", "tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29254"}, {"name": "20241", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/20241"}, {"name": "ADV-2007-1332", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1332"}, {"name": "29264", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.osvdb.org/29264"}, {"name": "22823", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/22823"}, {"name": "FreeBSD-SA-06:22.openssh", "tags": ["vendor-advisory", "x_transferred"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"}, {"name": "SSA:2006-272-02", "tags": ["vendor-advisory", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566"}, {"name": "RHSA-2006:0697", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"}, {"name": "OpenPKG-SA-2006.022", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"}, {"name": "22183", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/22183"}, {"name": "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released", "tags": ["mailing-list", "x_transferred"], "url": "http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2"}, {"name": "ADV-2007-0930", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"name": "[security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability", "tags": ["mailing-list", "x_transferred"], "url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"}, {"name": "22926", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/22926"}, {"name": "22173", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/22173"}, {"name": "1016940", "tags": ["vdb-entry", "x_transferred"], "url": "http://securitytracker.com/id?1016940"}, {"name": "22208", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/22208"}, {"url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html", "tags": ["x_transferred"]}, {"name": "22245", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/22245"}, {"name": "20061001-01-P", "tags": ["vendor-advisory", "x_transferred"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"}, {"name": "22196", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/22196"}, {"name": "DSA-1212", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1212"}, {"name": "RHSA-2006:0698", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"}, {"name": "22158", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/22158"}, {"name": "MDKSA-2006:179", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"}, {"name": "DSA-1189", "tags": ["vendor-advisory", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1189"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm", "tags": ["x_transferred"]}, {"name": "24479", "tags": ["third-party-advisory", "x_transferred"], "url": "http://secunia.com/advisories/24479"}, {"name": "[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"}, {"name": "[oss-security] 20240728 Re: Announce: OpenSSH 9.8 released", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"}, {"url": "https://www.openwall.com/lists/oss-security/2024/07/28/3", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E3FE4E6-870E-4F84-9D50-7BF48ADFB380", "versionEndIncluding": "4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CE37418-3D19-483A-9ADE-2E38272A4ACC", "versionEndExcluding": "10.3.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "39D14EF2-E8E0-4021-A493-E822612FFB35", "versionEndIncluding": "10.4.8", "versionStartIncluding": "10.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E9A9D63-EEA1-4289-8382-6CC91D2241A1", "versionEndExcluding": "10.3.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0D26E9A-DF4A-4795-BE74-2196127BB3E7", "versionEndIncluding": "10.4.8", "versionStartIncluding": "10.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free."}, {"lang": "es", "value": "Condici\u00f3n de carrera en el manejador de se\u00f1al OpenSSH en versiones anteriores a 4.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario si la autenticaci\u00f3n GSSAPI est\u00e1 habilitada, a trav\u00e9s de vectores no especificados que conducen a una doble liberaci\u00f3n."}], "evaluatorImpact": "Successful code execution exploitation requires that GSSAPI authentication is enabled.", "id": "CVE-2006-5051", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2006-09-27T23:07:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "http://openssh.org/txt/release-4.4"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22158"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22173"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22183"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22196"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22208"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22236"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22245"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22270"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22352"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22362"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22487"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/22495"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22823"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22926"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/23680"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/24479"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/24799"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/24805"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1016940"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://sourceforge.net/forum/forum.php?forum_id=681763"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://www.debian.org/security/2006/dsa-1189"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.debian.org/security/2006/dsa-1212"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/851340"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "http://www.openbsd.org/errata.html#ssh"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.osvdb.org/29264"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/20241"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.ubuntu.com/usn/usn-355-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2006/4018"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2006/4329"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2007/1332"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29254"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387"}, {"source": "secalert@redhat.com", "url": "https://www.openwall.com/lists/oss-security/2024/07/28/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://docs.info.apple.com/article.html?artnum=305214"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "http://openssh.org/txt/release-4.4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22158"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22173"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22183"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22196"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22208"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22236"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22245"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22270"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22352"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22362"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22487"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/22495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22823"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/22926"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/23680"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/24479"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/24799"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/24805"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1016940"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://sourceforge.net/forum/forum.php?forum_id=681763"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.debian.org/security/2006/dsa-1189"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.debian.org/security/2006/dsa-1212"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/851340"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "http://www.openbsd.org/errata.html#ssh"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.osvdb.org/29264"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/20241"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.ubuntu.com/usn/usn-355-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2006/4018"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2006/4329"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2007/0930"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2007/1332"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29254"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.openwall.com/lists/oss-security/2024/07/28/3"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2006:0698", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "openssh-0:3.1p1-21", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2006-09-29T00:00:00Z"}, {"advisory": "RHSA-2006:0697", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "openssh-0:3.6.1p2-33.30.12", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2006-09-29T00:00:00Z"}, {"advisory": "RHSA-2006:0697", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "openssh-0:3.9p1-8.RHEL4.17", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2006-09-29T00:00:00Z"}], "bugzilla": {"description": "unsafe GSSAPI signal handler", "id": "208347", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=208347"}, "csaw": false, "details": ["Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free."], "name": "CVE-2006-5051", "public_date": "2006-09-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2006-5051\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-5051"], "statement": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object