CVE-2011-5000 - Vulnerability Details

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openbsd	Openssh
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:openbsd:openssh::::::::
	cpe:2.3:a:openbsd:openssh:1.2:::::::*
	cpe:2.3:a:openbsd:openssh:1.2.1:::::::*
	cpe:2.3:a:openbsd:openssh:1.2.2:::::::*
	cpe:2.3:a:openbsd:openssh:1.2.3:::::::*
	cpe:2.3:a:openbsd:openssh:1.2.27:::::::*
	cpe:2.3:a:openbsd:openssh:1.3:::::::*
	cpe:2.3:a:openbsd:openssh:1.5:::::::*
	cpe:2.3:a:openbsd:openssh:1.5.7:::::::*
	cpe:2.3:a:openbsd:openssh:1.5.8:::::::*
	cpe:2.3:a:openbsd:openssh:3.0:::::::*
	cpe:2.3:a:openbsd:openssh:3.0.1:::::::*
	cpe:2.3:a:openbsd:openssh:3.0.1p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.0.2:::::::*
	cpe:2.3:a:openbsd:openssh:3.0.2p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.0p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.1:::::::*
	cpe:2.3:a:openbsd:openssh:3.1p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.2:::::::*
	cpe:2.3:a:openbsd:openssh:3.2.2:::::::*
	cpe:2.3:a:openbsd:openssh:3.2.2p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.2.3p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.3:::::::*
	cpe:2.3:a:openbsd:openssh:3.3p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.4:::::::*
	cpe:2.3:a:openbsd:openssh:3.4p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.5:::::::*
	cpe:2.3:a:openbsd:openssh:3.5p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.6:::::::*
	cpe:2.3:a:openbsd:openssh:3.6.1:::::::*
	cpe:2.3:a:openbsd:openssh:3.6.1p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.6.1p2:::::::*
	cpe:2.3:a:openbsd:openssh:3.7:::::::*
	cpe:2.3:a:openbsd:openssh:3.7.1:::::::*
	cpe:2.3:a:openbsd:openssh:3.7.1p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.7.1p2:::::::*
	cpe:2.3:a:openbsd:openssh:3.8:::::::*
	cpe:2.3:a:openbsd:openssh:3.8.1:::::::*
	cpe:2.3:a:openbsd:openssh:3.8.1p1:::::::*
	cpe:2.3:a:openbsd:openssh:3.9:::::::*
	cpe:2.3:a:openbsd:openssh:3.9.1:::::::*
	cpe:2.3:a:openbsd:openssh:3.9.1p1:::::::*
	cpe:2.3:a:openbsd:openssh:4.0:::::::*
	cpe:2.3:a:openbsd:openssh:4.0p1:::::::*
	cpe:2.3:a:openbsd:openssh:4.1:::::::*
	cpe:2.3:a:openbsd:openssh:4.1p1:::::::*
	cpe:2.3:a:openbsd:openssh:4.2:::::::*
	cpe:2.3:a:openbsd:openssh:4.2p1:::::::*
	cpe:2.3:a:openbsd:openssh:4.3:::::::*
	cpe:2.3:a:openbsd:openssh:4.3p1:::::::*
	cpe:2.3:a:openbsd:openssh:4.3p2:::::::*
	cpe:2.3:a:openbsd:openssh:4.4:::::::*
	cpe:2.3:a:openbsd:openssh:4.4p1:::::::*
	cpe:2.3:a:openbsd:openssh:4.5:::::::*
	cpe:2.3:a:openbsd:openssh:4.6:::::::*
	cpe:2.3:a:openbsd:openssh:4.7:::::::*
	cpe:2.3:a:openbsd:openssh:4.8:::::::*
	cpe:2.3:a:openbsd:openssh:4.9:::::::*
	cpe:2.3:a:openbsd:openssh:5.0:::::::*
	cpe:2.3:a:openbsd:openssh:5.1:::::::*
	cpe:2.3:a:openbsd:openssh:5.2:::::::*
	cpe:2.3:a:openbsd:openssh:5.3:::::::*
	cpe:2.3:a:openbsd:openssh:5.4:::::::*
	cpe:2.3:a:openbsd:openssh:5.5:::::::*
cpe:2.3:a:openbsd:openssh:5.6:::::::*
cpe:2.3:a:openbsd:openssh:5.7:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
openssh-0:5.3p1-81.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2012:0884	2012-06-19T00:00:00Z

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2012-0884.html
http://seclists.org/fulldisclosure/2011/Aug/2
http://site.pi3.com.pl/adv/ssh_1.txt
https://nvd.nist.gov/vuln/detail/CVE-2011-5000
https://www.cve.org/CVERecord?id=CVE-2011-5000

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-04-04T10:00:00

Updated: 2024-08-07T00:23:39.092Z

Reserved: 2011-12-24T00:00:00

Link: CVE-2011-5000

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-04-05T14:55:03.590

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-5000

Redhat

Severity : Low

Publid Date: 2011-08-01T00:00:00Z

Links: CVE-2011-5000 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-07-23T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20110801 Useless OpenSSH resources exhausion bug via GSSAPI", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2011/Aug/2"}, {"name": "RHSA-2012:0884", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0884.html"}, {"tags": ["x_refsource_MISC"], "url": "http://site.pi3.com.pl/adv/ssh_1.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-5000", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20110801 Useless OpenSSH resources exhausion bug via GSSAPI", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2011/Aug/2"}, {"name": "RHSA-2012:0884", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0884.html"}, {"name": "http://site.pi3.com.pl/adv/ssh_1.txt", "refsource": "MISC", "url": "http://site.pi3.com.pl/adv/ssh_1.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:23:39.092Z"}, "title": "CVE Program Container", "references": [{"name": "20110801 Useless OpenSSH resources exhausion bug via GSSAPI", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2011/Aug/2"}, {"name": "RHSA-2012:0884", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0884.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://site.pi3.com.pl/adv/ssh_1.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-5000", "datePublished": "2012-04-04T10:00:00", "dateReserved": "2011-12-24T00:00:00", "dateUpdated": "2024-08-07T00:23:39.092Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED7FD807-BC4A-4F8F-B9F0-49BCF2E687C7", "versionEndIncluding": "5.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "316C8534-9CE3-456C-A04E-5D2B789FBE31", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7BEB67BB-A442-46C2-8BC1-BBEB009AC532", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B6E307F1-C765-409C-835C-133026A5179C", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "CA997F5E-29FE-454A-9006-001D732CD4B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "114134F3-BDFD-465D-8317-82F9D6EFA5A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "DAB55300-F90D-45D3-88BC-5ADCEC366264", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F3EC5611-31B5-4253-B99A-E81C202768A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "43060323-1B51-45B4-BEB9-0E472896D8EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "5441C616-D127-42D9-88AA-0FC9AA16EB03", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "580008AC-2667-4708-8F7E-D70416A460EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E05D8E86-EC01-4589-B372-4DEB7845C81F", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*", "matchCriteriaId": "764AD252-CA2F-4A87-BCAA-7747E8C410E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*", "matchCriteriaId": "269BB9F7-55E5-4CB3-8429-C37C7132799F", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*", "matchCriteriaId": "C6E6F639-31A0-4026-B6D4-51BA79FB1D20", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0211BCE3-0DED-40BA-8A21-1A97B91F71C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*", "matchCriteriaId": "B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5AD7BB30-AC79-4153-852C-1053DCF4DE53", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F48519C6-0C28-49A5-94C7-EF3AA88E2667", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*", "matchCriteriaId": "9E188C66-C8F1-4C13-AAFF-7C83B2A884B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*", "matchCriteriaId": "9039BE91-AF0A-41E7-8F9F-15375890E120", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "08BCB2EA-DF9D-4853-805B-29FA6274E2B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*", "matchCriteriaId": "0F93417F-2498-4576-9F5D-B59F77D39669", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF3AB42C-B614-4746-99AD-E94140D91BF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*", "matchCriteriaId": "458167E5-9BC2-40BE-AC8A-9761A4F19494", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*", "matchCriteriaId": "86ACA0ED-A3D0-48A7-B06F-13709AD23B55", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB9262-D05E-4610-9C79-3EDE44AC7C0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "8176879B-1875-4AC9-B15A-2ABCFCD04F88", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*", "matchCriteriaId": "FAA26A12-F96A-4025-BBCA-72B7A3B1E60C", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*", "matchCriteriaId": "A02751E9-2D38-4495-9572-8D84D71D4773", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "7A36BEA2-DAE4-423C-8D85-0F6036351F98", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*", "matchCriteriaId": "DF23EBA1-D3A9-413F-9E83-43A91492C031", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*", "matchCriteriaId": "44CCF5CD-B434-4392-A79A-C1945D2AE30A", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*", "matchCriteriaId": "AEB456B8-9D8B-4985-858D-6A43FA5EE2E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*", "matchCriteriaId": "C35F4ABE-1B0C-4195-8F99-BF993A17882B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "ADC7352D-2916-47F7-A256-F897D763DC9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "AEC3FC36-B246-4DCB-8984-228525D9A356", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*", "matchCriteriaId": "BC861000-37D8-4B0F-BFA0-57E9BE125B56", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E003AB3C-8DF3-4AE8-82A3-984F30E5599B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*", "matchCriteriaId": "5EBE75FE-DDE2-43BA-80EF-15A6698EABC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1FF67D77-02AC-4807-984D-C5AE9799F051", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*", "matchCriteriaId": "683B26F0-5EA2-455A-8948-27C100BBA3AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*", "matchCriteriaId": "7279E1EC-DEBC-4ACC-925D-06A7697C162F", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "7910598E-BEC1-4644-9DE4-D8BE505A4F9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*", "matchCriteriaId": "FB416D0C-6C86-450F-8917-D4B1BD82AB1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*", "matchCriteriaId": "3640CCC9-EC4A-44A4-B747-7BAAAD3460C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B2DD362E-9EA9-4E88-9A94-D7B471EB1FD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*", "matchCriteriaId": "E3094069-AC2E-43BD-8094-D48E2526DECC", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B72CFB3-39C7-469C-AA59-69F5B8993BF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "2A7154C4-8325-4495-92B1-B7897CD7303E", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "99BF4471-763B-485A-ABD5-C68AD0A14058", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*", "matchCriteriaId": "40B1B209-53B8-48DC-AFFC-BD69D5978A0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*", "matchCriteriaId": "7212E982-76F2-496C-9F08-EC4137F20804", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "52D13E08-7B08-44AA-9017-3EE3F6301E10", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FBC7FF1-01EE-40A1-8735-14360A371803", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "987527F8-8A42-4729-A329-4D2AC8AFD6E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "93910448-8D6F-4F7E-9C7F-959754ABA50D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "3356FDFD-BEA5-45A5-A36B-D1153AFE6C23", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "9394B8AD-AB22-4955-8774-C6BA2B56A260", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "0C5D4A9B-1194-4D63-AAC2-8701C890BB0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*", "matchCriteriaId": "F75DB5AE-E99D-4827-B290-823E015AEE34", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant."}, {"lang": "es", "value": "La funci\u00f3n de ssh_gssapi_parse_ename en GSS-serv.c en OpenSSH v5.8 y versiones anteriores, cuando gssapi-with-mic de autenticaci\u00f3n est\u00e1 activada, permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (excesivo consumo de memoria) a trav\u00e9s de un valor demasiado grande en un campo de longitud determinada. NOTA: puede haber escenarios limitados en el que este tema es relevante."}], "id": "CVE-2011-5000", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-04-05T14:55:03.590", "references": [{"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2012-0884.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2011/Aug/2"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://site.pi3.com.pl/adv/ssh_1.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0884.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2011/Aug/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://site.pi3.com.pl/adv/ssh_1.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2012:0884", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "openssh-0:5.3p1-81.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-06-19T00:00:00Z"}], "bugzilla": {"description": "openssh: post-authentication resource exhaustion bug via GSSAPI", "id": "809938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=809938"}, "csaw": false, "cvss": {"cvss_base_score": "3.5", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-400", "details": ["The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant."], "name": "CVE-2011-5000", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2011-08-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-5000\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-5000"], "threat_severity": "Low"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object