OpenSSH GSSAPI Authentication Abort Username Enumeration

2006-09-29T00:00:00
ID OSVDB:29266
Type osvdb
Reporter OSVDB
Modified 2006-09-29T00:00:00

Description

Vulnerability Description

OpenSSH, when configured to use GSSAPI authentication, is prone to a remote information disclosure weakness. The issue occurs because the GSSAPI authentication routine responds differently to an attacker who lets the connection proceed normally versus one who aborts the connection prematurely. This difference in the system's response allows an attacker to determine which accounts are valid.

Solution Description

Upgrade to version 4.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
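
For inventory triage, the two conditions in this entry (a release older than 4.4 and GSSAPI authentication turned on) can be checked from a version string and the text of sshd_config. The following is an added example, not part of the OSVDB entry or of OpenSSH; the function names, status strings and sample configuration are assumptions made for illustration.

```python
import re

FIXED_IN = (4, 4)  # first fixed release named in this entry

def parse_openssh_version(banner):
    """Extract (major, minor) from e.g. 'OpenSSH_4.3p2' or 'SSH-2.0-OpenSSH_4.3'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def gssapi_enabled(config_text):
    """Effective GSSAPIAuthentication setting in sshd_config text.

    sshd uses the first value it reads for a keyword, keywords are
    case-insensitive, and GSSAPIAuthentication defaults to 'no'.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "gssapiauthentication" and len(parts) == 2 and parts[1]:
            return parts[1].split()[0].strip('"').lower() == "yes"
    return False

def assess(banner, config_text):
    """Return one of: unknown, fixed-version, gssapi-disabled, exposed."""
    version = parse_openssh_version(banner)
    if version is None:
        return "unknown"
    if version >= FIXED_IN:
        return "fixed-version"
    if not gssapi_enabled(config_text):
        return "gssapi-disabled"
    return "exposed"

# Constructed sample sshd_config (not taken from any real host)
SAMPLE_CONFIG = """\
# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
"""

if __name__ == "__main__":
    for banner in ("OpenSSH_4.3p2", "SSH-2.0-OpenSSH_4.4", "OpenSSH_3.9p1"):
        print(banner, "->", assess(banner, SAMPLE_CONFIG))
```

Distribution packages may carry the fix under an older upstream version string, so an "exposed" result is a prompt to check the vendor advisory for that package rather than a final verdict.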

References:

Vendor Specific News/Changelog Entry: http://openssh.org/txt/release-4.4
Secunia Advisory ID: 22183
Secunia Advisory ID: 22173
Secunia Advisory ID: 22236
Secunia Advisory ID: 22158
Secunia Advisory ID: 22495
Secunia Advisory ID: 22196
Secunia Advisory ID: 22823
RedHat RHSA: RHSA-2006:0698
RedHat RHSA: RHSA-2006:0697
Other Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc
CVE-2006-5052