FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-5051

This CVE name corresponds to:

Entered: 2006-09-30
Topic: openssh -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2006-5051
Phase: Assigned (20060927)

Description

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

References

Source Reference
MLIST [openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released
MLIST [freebsd-security] 20061002 FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
MLIST [security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability
CONFIRM http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm
CONFIRM http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf
CONFIRM http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
CONFIRM http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
CONFIRM http://docs.info.apple.com/article.html?artnum=305214
CONFIRM http://openssh.org/txt/release-4.4
CONFIRM http://sourceforge.net/forum/forum.php?forum_id=681763
APPLE APPLE-SA-2007-03-13
DEBIAN DSA-1189
DEBIAN DSA-1212
FREEBSD FreeBSD-SA-06:22.openssh
FREEBSD FreeBSD-SA-06:22
GENTOO GLSA-200611-06
MANDRIVA MDKSA-2006:179
OPENBSD [2.9] 015: SECURITY FIX: October 12, 2006
OPENPKG OpenPKG-SA-2006.022
REDHAT RHSA-2006:0698
REDHAT RHSA-2006:0697
SGI 20061001-01-P
SLACKWARE SSA:2006-272-02
SUSE SUSE-SA:2006:062
UBUNTU USN-355-1
CERT TA07-072A
CERT-VN VU#851340
BID 20241
OVAL oval:org.mitre.oval:def:11387
VUPEN ADV-2006-4018
VUPEN ADV-2006-4329
VUPEN ADV-2007-0930
VUPEN ADV-2007-1332
OSVDB 29264
SECTRACK 1016940
SECUNIA 22158
SECUNIA 22173
SECUNIA 22183
SECUNIA 22196
SECUNIA 22236
SECUNIA 22270
SECUNIA 22208
SECUNIA 22245
SECUNIA 22352
SECUNIA 22362
SECUNIA 22495
SECUNIA 22487
SECUNIA 22823
SECUNIA 22926
SECUNIA 23680
SECUNIA 24479
SECUNIA 24805
SECUNIA 24799
XF openssh-signal-handler-race-condition(29254)