CVE-2011-5000 - The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic a

CVE-2011-5000

Summary

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.

References

Vulnerable Configurations

cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p3:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p3:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p4:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:p4:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.2.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.2.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.2.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.2.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.2:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.2:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.9:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.9:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.0:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.1:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.2:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.2:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.3:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.3:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.4:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.4:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.5:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.5:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.6:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.6:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.7:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:-:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:p2:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:5.8:p2:*:*:*:*:*:*

CVSS

Base:	3.5 (as of 22-07-2012 - 03:33)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:S/C:N/I:N/A:P

redhat via4

advisories

bugzilla

id	809938
title	CVE-2011-5000 openssh: post-authentication resource exhaustion bug via GSSAPI

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment openssh is earlier than 0:5.3p1-81.el6
oval oval:com.redhat.rhsa:tst:20120884001
comment openssh is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120884002

AND

comment openssh-askpass is earlier than 0:5.3p1-81.el6
oval oval:com.redhat.rhsa:tst:20120884003
comment openssh-askpass is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120884004

AND

comment openssh-clients is earlier than 0:5.3p1-81.el6
oval oval:com.redhat.rhsa:tst:20120884005
comment openssh-clients is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120884006

AND
comment openssh-ldap is earlier than 0:5.3p1-81.el6
oval oval:com.redhat.rhsa:tst:20120884007
comment openssh-ldap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120884008

AND

comment openssh-server is earlier than 0:5.3p1-81.el6
oval oval:com.redhat.rhsa:tst:20120884009
comment openssh-server is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120884010

AND

comment pam_ssh_agent_auth is earlier than 0:0.9-81.el6
oval oval:com.redhat.rhsa:tst:20120884011
comment pam_ssh_agent_auth is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20120884012

rhsa

id	RHSA-2012:0884
released	2012-06-19
severity	Low
title	RHSA-2012:0884: openssh security, bug fix, and enhancement update (Low)

rpms

openssh-0:5.3p1-81.el6
openssh-askpass-0:5.3p1-81.el6
openssh-clients-0:5.3p1-81.el6
openssh-debuginfo-0:5.3p1-81.el6
openssh-ldap-0:5.3p1-81.el6
openssh-server-0:5.3p1-81.el6
pam_ssh_agent_auth-0:0.9-81.el6

refmap via4

fulldisc	20110801 Useless OpenSSH resources exhausion bug via GSSAPI
misc	http://site.pi3.com.pl/adv/ssh_1.txt

Last major update

22-07-2012 - 03:33

Published

05-04-2012 - 14:55

Last modified

22-07-2012 - 03:33