ID CVE-2006-5052
Summary Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
References
Vulnerable Configurations
  • OpenBSD OpenSSH 1.2
    cpe:2.3:a:openbsd:openssh:1.2
  • OpenBSD OpenSSH 1.2.1
    cpe:2.3:a:openbsd:openssh:1.2.1
  • OpenBSD OpenSSH 1.2.2
    cpe:2.3:a:openbsd:openssh:1.2.2
  • OpenBSD OpenSSH 1.2.3
    cpe:2.3:a:openbsd:openssh:1.2.3
  • OpenBSD OpenSSH 1.2.27
    cpe:2.3:a:openbsd:openssh:1.2.27
  • OpenBSD OpenSSH 2.1
    cpe:2.3:a:openbsd:openssh:2.1
  • OpenBSD OpenSSH 2.1.1
    cpe:2.3:a:openbsd:openssh:2.1.1
  • OpenBSD OpenSSH 2.2
    cpe:2.3:a:openbsd:openssh:2.2
  • OpenBSD OpenSSH 2.3
    cpe:2.3:a:openbsd:openssh:2.3
  • OpenBSD OpenSSH 2.5
    cpe:2.3:a:openbsd:openssh:2.5
  • OpenBSD OpenSSH 2.5.1
    cpe:2.3:a:openbsd:openssh:2.5.1
  • OpenBSD OpenSSH 2.5.2
    cpe:2.3:a:openbsd:openssh:2.5.2
  • OpenBSD OpenSSH 2.9
    cpe:2.3:a:openbsd:openssh:2.9
  • OpenBSD OpenSSH 2.9.9
    cpe:2.3:a:openbsd:openssh:2.9.9
  • OpenBSD OpenSSH 2.9.9 p2
    cpe:2.3:a:openbsd:openssh:2.9.9p2
  • OpenBSD OpenSSH 2.9 p1
    cpe:2.3:a:openbsd:openssh:2.9p1
  • OpenBSD OpenSSH 2.9 p2
    cpe:2.3:a:openbsd:openssh:2.9p2
  • OpenBSD OpenSSH 3.0
    cpe:2.3:a:openbsd:openssh:3.0
  • OpenBSD OpenSSH 3.0.1
    cpe:2.3:a:openbsd:openssh:3.0.1
  • OpenBSD OpenSSH 3.0.1 p1
    cpe:2.3:a:openbsd:openssh:3.0.1p1
  • OpenBSD OpenSSH 3.0.2
    cpe:2.3:a:openbsd:openssh:3.0.2
  • OpenBSD OpenSSH 3.0.2p1
    cpe:2.3:a:openbsd:openssh:3.0.2p1
  • OpenBSD OpenSSH 3.0 p1
    cpe:2.3:a:openbsd:openssh:3.0p1
  • OpenBSD OpenSSH 3.1
    cpe:2.3:a:openbsd:openssh:3.1
  • OpenBSD OpenSSH 3.1 p1
    cpe:2.3:a:openbsd:openssh:3.1p1
  • OpenBSD OpenSSH 3.2
    cpe:2.3:a:openbsd:openssh:3.2
  • OpenBSD OpenSSH 3.2.2
    cpe:2.3:a:openbsd:openssh:3.2.2
  • OpenBSD OpenSSH 3.2.2 p1
    cpe:2.3:a:openbsd:openssh:3.2.2p1
  • OpenBSD OpenSSH 3.2.3 p1
    cpe:2.3:a:openbsd:openssh:3.2.3p1
  • OpenBSD OpenSSH 3.3
    cpe:2.3:a:openbsd:openssh:3.3
  • OpenBSD OpenSSH 3.3 p1
    cpe:2.3:a:openbsd:openssh:3.3p1
  • OpenBSD OpenSSH 3.4
    cpe:2.3:a:openbsd:openssh:3.4
  • OpenBSD OpenSSH 3.4 p1
    cpe:2.3:a:openbsd:openssh:3.4p1
  • OpenBSD OpenSSH 3.5
    cpe:2.3:a:openbsd:openssh:3.5
  • OpenBSD OpenSSH 3.5 p1
    cpe:2.3:a:openbsd:openssh:3.5p1
  • OpenBSD OpenSSH 3.6
    cpe:2.3:a:openbsd:openssh:3.6
  • OpenBSD OpenSSH 3.6.1
    cpe:2.3:a:openbsd:openssh:3.6.1
  • OpenBSD OpenSSH 3.6.1 p1
    cpe:2.3:a:openbsd:openssh:3.6.1p1
  • OpenBSD OpenSSH 3.6.1 p2
    cpe:2.3:a:openbsd:openssh:3.6.1p2
  • OpenBSD OpenSSH 3.7
    cpe:2.3:a:openbsd:openssh:3.7
  • OpenBSD OpenSSH 3.7.1
    cpe:2.3:a:openbsd:openssh:3.7.1
  • OpenBSD OpenSSH 3.7.1 p1
    cpe:2.3:a:openbsd:openssh:3.7.1p1
  • OpenBSD OpenSSH 3.7.1 p2
    cpe:2.3:a:openbsd:openssh:3.7.1p2
  • OpenBSD OpenSSH 3.8
    cpe:2.3:a:openbsd:openssh:3.8
  • OpenBSD OpenSSH 3.8.1
    cpe:2.3:a:openbsd:openssh:3.8.1
  • OpenBSD OpenSSH 3.8.1 p1
    cpe:2.3:a:openbsd:openssh:3.8.1p1
  • OpenBSD OpenSSH 3.9
    cpe:2.3:a:openbsd:openssh:3.9
  • OpenBSD OpenSSH 3.9.1
    cpe:2.3:a:openbsd:openssh:3.9.1
  • OpenBSD OpenSSH 3.9.1 p1
    cpe:2.3:a:openbsd:openssh:3.9.1p1
  • OpenBSD OpenSSH 4.0
    cpe:2.3:a:openbsd:openssh:4.0
  • OpenBSD OpenSSH Portable 4.0.p1
    cpe:2.3:a:openbsd:openssh:4.0p1
  • OpenBSD OpenSSH Portable 4.1.p1
    cpe:2.3:a:openbsd:openssh:4.1p1
  • OpenBSD OpenSSH 4.2
    cpe:2.3:a:openbsd:openssh:4.2
  • OpenBSD OpenSSH Portable 4.2.p1
    cpe:2.3:a:openbsd:openssh:4.2p1
  • OpenBSD OpenSSH 4.3
    cpe:2.3:a:openbsd:openssh:4.3
  • OpenBSD OpenSSH Portable 4.3.p1
    cpe:2.3:a:openbsd:openssh:4.3p1
CVSS
Base: 5.0 (as of 28-09-2006 - 14:31)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0540.NASL
    description Updated openssh packages that fix a security issue and various bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the way the ssh server wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages, which could possibly mislead or confuse audit log parsing tools. (CVE-2007-3102) A flaw was found in the way the OpenSSH server processes GSSAPI authentication requests. When GSSAPI authentication was enabled in the OpenSSH server, a remote attacker was potentially able to determine if a username is valid. (CVE-2006-5052) The following bugs in SELinux MLS (Multi-Level Security) support have also been fixed in this update : * It was sometimes not possible to select a SELinux role and level when logging in using ssh. * If the user obtained a non-default SELinux role or level, the role change was not recorded in the audit subsystem. * In some cases, on labeled networks, sshd allowed logins from level ranges it should not allow. The updated packages also contain experimental support for using private keys stored in PKCS#11 tokens for client authentication. The support is provided through the NSS (Network Security Services) library. All users of openssh should upgrade to these updated packages, which contain patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 27829
    published 2007-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27829
    title RHEL 5 : openssh (RHSA-2007:0540)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_4_9.NASL
    description The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS - Disk Images - DS Plugins - Flash Player - GNU Tar - HFS - HID Family - ImageIO - Kernel - MySQL server - Networking - OpenSSH - Printing - QuickDraw Manager - servermgrd - SMB File Server - Software Update - sudo - WebLog
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 24811
    published 2007-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24811
    title Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0703.NASL
    description Updated openssh packages that fix two security issues and various bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the way the ssh server wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages which could possibly mislead or confuse audit log parsing tools. (CVE-2007-3102) A flaw was found in the way the OpenSSH server processes GSSAPI authentication requests. When GSSAPI authentication was enabled in OpenSSH server, a remote attacker may have been able to determine if a username is valid. (CVE-2006-5052) The following bugs were also fixed : * the ssh daemon did not generate audit messages when an ssh session was closed. * GSSAPI authentication sometimes failed on clusters using DNS or load-balancing. * the sftp client and server leaked small amounts of memory in some cases. * the sftp client didn't properly exit and return non-zero status in batch mode when the destination disk drive was full. * when restarting the ssh daemon with the initscript, the ssh daemon was sometimes not restarted successfully because the old running ssh daemon was not properly killed. * with challenge/response authentication enabled, the pam sub-process was not terminated if the user authentication timed out. All users of openssh should upgrade to these updated packages, which contain patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 28237
    published 2007-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28237
    title RHEL 4 : openssh (RHSA-2007:0703)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071115_OPENSSH_ON_SL4_X.NASL
    description A flaw was found in the way the ssh server wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages which could possibly mislead or confuse audit log parsing tools. (CVE-2007-3102) A flaw was found in the way the OpenSSH server processes GSSAPI authentication requests. When GSSAPI authentication was enabled in OpenSSH server, a remote attacker may have been able to determine if a username is valid. (CVE-2006-5052) The following bugs were also fixed : - the ssh daemon did not generate audit messages when an ssh session was closed. - GSSAPI authentication sometimes failed on clusters using DNS or load-balancing. - the sftp client and server leaked small amounts of memory in some cases. - the sftp client didn't properly exit and return non-zero status in batch mode when the destination disk drive was full. - when restarting the ssh daemon with the initscript, the ssh daemon was sometimes not restarted successfully because the old running ssh daemon was not properly killed. - with challenge/response authentication enabled, the pam sub-process was not terminated if the user authentication timed out.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60306
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60306
    title Scientific Linux Security Update : openssh on SL4.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0697.NASL
    description Updated openssh packages that fix two security flaws are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server. Mark Dowd discovered a signal handler race condition in the OpenSSH sshd server. A remote attacker could possibly leverage this flaw to cause a denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the likelihood of successful exploitation leading to arbitrary code execution appears remote. However, the Red Hat Security Response Team have not yet been able to verify this claim due to lack of upstream vulnerability information. We are therefore including a fix for this flaw and have rated it important security severity in the event our continued investigation finds this issue to be exploitable. Tavis Ormandy of the Google Security Team discovered a denial of service bug in the OpenSSH sshd server. A remote attacker can send a specially crafted SSH-1 request to the server causing sshd to consume a large quantity of CPU resources. (CVE-2006-4924) All users of openssh should upgrade to these updated packages, which contain backported patches that resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22473
    published 2006-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22473
    title RHEL 3 / 4 : openssh (RHSA-2006:0697)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0697.NASL
    description Updated openssh packages that fix two security flaws are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server. Mark Dowd discovered a signal handler race condition in the OpenSSH sshd server. A remote attacker could possibly leverage this flaw to cause a denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the likelihood of successful exploitation leading to arbitrary code execution appears remote. However, the Red Hat Security Response Team have not yet been able to verify this claim due to lack of upstream vulnerability information. We are therefore including a fix for this flaw and have rated it important security severity in the event our continued investigation finds this issue to be exploitable. Tavis Ormandy of the Google Security Team discovered a denial of service bug in the OpenSSH sshd server. A remote attacker can send a specially crafted SSH-1 request to the server causing sshd to consume a large quantity of CPU resources. (CVE-2006-4924) All users of openssh should upgrade to these updated packages, which contain backported patches that resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22485
    published 2006-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22485
    title CentOS 3 / 4 : openssh / openssl (CESA-2006:0697)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-272-02.NASL
    description New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22468
    published 2006-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22468
    title Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : openssh (SSA:2006-272-02)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0703.NASL
    description Updated openssh packages that fix two security issues and various bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the way the ssh server wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages which could possibly mislead or confuse audit log parsing tools. (CVE-2007-3102) A flaw was found in the way the OpenSSH server processes GSSAPI authentication requests. When GSSAPI authentication was enabled in OpenSSH server, a remote attacker may have been able to determine if a username is valid. (CVE-2006-5052) The following bugs were also fixed : * the ssh daemon did not generate audit messages when an ssh session was closed. * GSSAPI authentication sometimes failed on clusters using DNS or load-balancing. * the sftp client and server leaked small amounts of memory in some cases. * the sftp client didn't properly exit and return non-zero status in batch mode when the destination disk drive was full. * when restarting the ssh daemon with the initscript, the ssh daemon was sometimes not restarted successfully because the old running ssh daemon was not properly killed. * with challenge/response authentication enabled, the pam sub-process was not terminated if the user authentication timed out. All users of openssh should upgrade to these updated packages, which contain patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 67053
    published 2013-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67053
    title CentOS 4 : openssh (CESA-2007:0703)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENSSH-2184.NASL
    description Several security problems were fixed in OpenSSH : - A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server. (CVE-2006-4924) - If a remote attacker is able to inject network traffic this could be used to cause a client connection to close. (CVE-2006-4925) - Fixed an unsafe signal handler reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote. (CVE-2006-5051) - Fixed a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. (CVE-2006-5052)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 29538
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29538
    title SuSE 10 Security Update : OpenSSH (ZYPP Patch Number 2184)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200611-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200611-06 (OpenSSH: Multiple Denial of Service vulnerabilities) Tavis Ormandy of the Google Security Team has discovered a pre-authentication vulnerability, causing sshd to spin until the login grace time has expired. Mark Dowd found an unsafe signal handler that was vulnerable to a race condition. It has also been discovered that when GSSAPI authentication is enabled, GSSAPI will in certain cases incorrectly abort. Impact : The pre-authentication and signal handler vulnerabilities can cause a Denial of Service in OpenSSH. The vulnerability in the GSSAPI authentication abort could be used to determine the validity of usernames on some platforms. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 23671
    published 2006-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23671
    title GLSA-200611-06 : OpenSSH: Multiple Denial of Service vulnerabilities
  • NASL family Misc.
    NASL id OPENSSH_44.NASL
    description According to its banner, the version of OpenSSH installed on the remote host is affected by multiple vulnerabilities : - A race condition exists that may allow an unauthenticated, remote attacker to crash the service or, on portable OpenSSH, possibly execute code on the affected host. Note that successful exploitation requires that GSSAPI authentication be enabled. - A flaw exists that may allow an attacker to determine the validity of usernames on some platforms. Note that this issue requires that GSSAPI authentication be enabled. - When SSH version 1 is used, an issue can be triggered via an SSH packet that contains duplicate blocks that could result in a loss of availability for the service. - On Fedora Core 6 (and possibly other systems), an unspecified vulnerability in the linux_audit_record_event() function allows remote attackers to inject incorrect information into audit logs.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 22466
    published 2006-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22466
    title OpenSSH < 4.4 Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071109_OPENSSH_ON_SL5.NASL
    description Problem description : A flaw was found in the way the ssh server wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages, which could possibly mislead or confuse audit log parsing tools. (CVE-2007-3102) A flaw was found in the way the OpenSSH server processes GSSAPI authentication requests. When GSSAPI authentication was enabled in the OpenSSH server, a remote attacker was potentially able to determine if a username is valid. (CVE-2006-5052) The following bugs in SELinux MLS (Multi-Level Security) support have also been fixed in this update : - It was sometimes not possible to select a SELinux role and level when logging in using ssh. - If the user obtained a non-default SELinux role or level, the role change was not recorded in the audit subsystem. - In some cases, on labeled networks, sshd allowed logins from level ranges it should not allow. The updated packages also contain experimental support for using private keys stored in PKCS#11 tokens for client authentication. The support is provided through the NSS (Network Security Services) library.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60296
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60296
    title Scientific Linux Security Update : openssh on SL5.x
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0697.NASL
    description From Red Hat Security Advisory 2006:0697 : Updated openssh packages that fix two security flaws are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files necessary for both the OpenSSH client and server. Mark Dowd discovered a signal handler race condition in the OpenSSH sshd server. A remote attacker could possibly leverage this flaw to cause a denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the likelihood of successful exploitation leading to arbitrary code execution appears remote. However, the Red Hat Security Response Team have not yet been able to verify this claim due to lack of upstream vulnerability information. We are therefore including a fix for this flaw and have rated it important security severity in the event our continued investigation finds this issue to be exploitable. Tavis Ormandy of the Google Security Team discovered a denial of service bug in the OpenSSH sshd server. A remote attacker can send a specially crafted SSH-1 request to the server causing sshd to consume a large quantity of CPU resources. (CVE-2006-4924) All users of openssh should upgrade to these updated packages, which contain backported patches that resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67412
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67412
    title Oracle Linux 4 : openssh (ELSA-2006-0697)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENSSH-2183.NASL
    description Several security problems were fixed in OpenSSH : - CVE-2006-4924: A denial of service problem has been fixed in OpenSSH which could be used to cause lots of CPU consumption on a remote openssh server. - CVE-2006-4925: If a remote attacker is able to inject network traffic this could be used to cause a client connection to close. - CVE-2006-5051: Fixed an unsafe signal handler reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. This vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote. - CVE-2006-5052: Fixed a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27365
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27365
    title openSUSE 10 Security Update : openssh (openssh-2183)
  • NASL family Misc.
    NASL id SUNSSH_PLAINTEXT_RECOVERY.NASL
    description The version of SunSSH running on the remote host has an information disclosure vulnerability. A design flaw in the SSH specification could allow a man-in-the-middle attacker to recover up to 32 bits of plaintext from an SSH-protected connection in the standard configuration. An attacker could exploit this to gain access to sensitive information. Note that this version of SunSSH is also prone to several additional issues but Nessus did not test for them.
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 55992
    published 2011-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55992
    title SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure
oval via4
accepted 2013-04-29T04:02:47.917-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
family unix
id oval:org.mitre.oval:def:10178
status accepted
submitted 2010-07-09T03:56:16-04:00
title Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2006:0697
  • rhsa
    id RHSA-2007:0540
  • rhsa
    id RHSA-2007:0703
rpms
  • openssh-0:4.3p2-24.el5
  • openssh-askpass-0:4.3p2-24.el5
  • openssh-clients-0:4.3p2-24.el5
  • openssh-server-0:4.3p2-24.el5
  • openssh-0:3.9p1-8.RHEL4.24
  • openssh-askpass-0:3.9p1-8.RHEL4.24
  • openssh-askpass-gnome-0:3.9p1-8.RHEL4.24
  • openssh-clients-0:3.9p1-8.RHEL4.24
  • openssh-server-0:3.9p1-8.RHEL4.24
refmap via4
apple APPLE-SA-2007-03-13
bid 20245
bugtraq 20061005 rPSA-2006-0185-1 gnome-ssh-askpass openssh openssh-client openssh-server
cert TA07-072A
confirm
gentoo GLSA-200611-06
mlist [openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released
osvdb 29266
sectrack 1016939
secunia
  • 22158
  • 22173
  • 22495
  • 22823
  • 24479
  • 27588
  • 28320
slackware SSA:2006-272-02
suse SUSE-SA:2006:062
vupen ADV-2007-0930
xf openssh-gssapi-user-enumeration(29255)
statements via4
contributor Joshua Bressers
lastmodified 2009-09-24
organization Red Hat
statement This issue did not affect Red Hat Enterprise Linux 2.1 and 3. This issue was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2007-0703.html and https://rhn.redhat.com/errata/RHSA-2007-0540.html respectively.
Last major update 17-10-2016 - 23:41
Published 27-09-2006 - 19:07
Last modified 17-10-2018 - 17:40