CVE-2006-5794

High

Description

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.

References

http://rhn.redhat.com/errata/RHSA-2006-0738.html

http://secunia.com/advisories/22771

http://secunia.com/advisories/22772

http://secunia.com/advisories/22773

http://secunia.com/advisories/22778

http://secunia.com/advisories/22814

http://secunia.com/advisories/22872

http://secunia.com/advisories/22932

http://secunia.com/advisories/23513

http://secunia.com/advisories/23680

http://secunia.com/advisories/24055

http://securitytracker.com/id?1017183

https://exchange.xforce.ibmcloud.com/vulnerabilities/30120

https://issues.rpath.com/browse/RPL-766

http://sourceforge.net/project/shownotes.php?release_id=461854&group_id=69227

http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11840

http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm

http://www.mandriva.com/security/advisories?name=MDKSA-2006:204

http://www.novell.com/linux/security/advisories/2006_26_sr.html

http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

http://www.vupen.com/english/advisories/2006/4399

http://www.vupen.com/english/advisories/2006/4400

Details

Source: Mitre, NVD

Published: 2006-11-08

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High