Lucene search

K
f5F5F5:K6736
HistoryMar 27, 2013 - 12:00 a.m.

K6736 : OpenSSH vulnerabilities CAN-2006-5051, CAN-2006-4924

2013-03-2700:00:00
my.f5.com
27

6.3 Medium

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.926 High

EPSS

Percentile

98.8%

Security Advisory Description

Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribing to email notifications regarding F5 products.

Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F5 security vulnerability response policy.

F5 products and versions that have been evaluated for this Security Advisory

Product Affected Not Affected
BIG-IP LTM 9.0.x
9.1.x
9.2.x
9.4.0 - 9.4.1 9.3.x
9.4.2 - 9.4.8
9.6.x
10.x
11.x
BIG-IP GTM 9.2.x
9.4.0 - 9.4.1 9.3.x
9.4.2 - 9.4.8
10.x
11.x
BIG-IP ASM 9.2.x
9.4.0 - 9.4.1 9.3.x
9.4.2 - 9.4.8
10.x
11.x
BIG-IP Link Controller 9.2.x
9.4.0 - 9.4.1 9.3.x
9.4.2 - 9.4.8
10.x
11.x
BIG-IP WebAccelerator None 9.3.x
9.4.2 - 9.4.8
10.x
11.x
BIG-IP PSM None 9.4.5 - 9.4.8
10.x
11.x
BIG-IP WAN Optimization None 10.x
11.x
BIG-IP APM None 10.x
11.x
BIG-IP Edge Gateway None 10.x
11.x
BIG-IP Analytics None 11.x
BIG-IP AFM None 11.x
BIG-IP PEM
None 11.x
FirePass None 5.x
6.x
7.x
Enterprise Manager 1.0.0 - 1.4.0 1.4.1 - 1.8.0
2.x
3.x

This security advisory describes an OpenSSH Signal Handling vulnerability (CVE-2006-5051). A remote attacker could possibly leverage this flaw to cause a denial of service.

This security advisory also describes a denial of service bug (CVE-2006-4924) in the OpenSSH sshd server. A remote attacker can send a specially crafted SSH-1 request to the server causing the SSH daemon,sshd, to consume a large quantity of CPU resources.

Information about this advisory is available at the following locations:

Note: These links take you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.

<https://vulners.com/cve/CVE-2006-5051&gt;

<https://vulners.com/cve/CVE-2006-4924&gt;

Note: The vulnerable F5 products listed use the SSH versions determined to be vulnerable to advisory CVE-2006-5051. However, the GSSAPI authentication features required to exploit the vulnerability are not enabled.

F5 Product Development tracked this issue as CR70329, CR70330, and CR70313 for BIG-IP LTM, BIG-IP GTM and BIG-IP ASM, and it was fixed in version 9.4.2. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM release notes.

F5 Product Development tracked this issue as CR70315 for Enterprise Manager, and it was fixed in version 1.4.1. For information about upgrading, refer to the Enterprise Manager release notes.

6.3 Medium

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.926 High

EPSS

Percentile

98.8%