CVE-2006-5051

high

Description

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29254

http://www.us-cert.gov/cas/techalerts/TA07-072A.html

http://www.openbsd.org/errata.html#ssh

http://www.mandriva.com/security/advisories?name=MDKSA-2006:179

http://www.kb.cert.org/vuls/id/851340

http://www.debian.org/security/2006/dsa-1189

http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm

http://security.gentoo.org/glsa/glsa-200611-06.xml

http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc

http://openssh.org/txt/release-4.4

http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2

http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html

http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

Details

Source: Mitre, NVD

Published: 2006-09-27

Updated: 2024-02-02

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H