CVE-2006-5051

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service crash, and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free...

CVE-2006-5052

Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."...

CVE-2006-5051

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service crash, and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free...

CVE-2006-5052

Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."...

CVE-2006-5052

OpenSSH before 4.4 on some platforms is vulnerable to a remote attacker determining the validity of usernames via a GSSAPI authentication abort. The issue affects portable OpenSSH versions prior to 4.4 and is discussed in multiple advisories (e.g., RHSA-2007:0703, RHSA-2007:0540, and related OSS/...

CVE-2006-5052

Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."...

CVE-2006-5051

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service crash, and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free...

CVE-2006-5051

CVE-2006-5051 describes a signal-handler race in OpenSSH before 4.4. The race can cause unsafe handling of signals, potentially crashing the daemon and, if triggered under certain conditions (e.g., with GSSAPI enabled), may lead to arbitrary code execution. The root cause is a race condition that...

MDKSA-2005:172 : openssh

Sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. GSSAPI is only enabled in versions of openssh shipped in...

openssh security update

CentOS Errata and Security Advisory CESA-2005:527 Updated openssh packages that fix a security issue, bugs, and add support for recording login user IDs for audit are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Securit...

Moderate: Red Hat Security Advisory: openssh security update

Updated openssh packages that fix a security issue, bugs, and add support for recording login user IDs for audit are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure...

OpenSSH < 4.2 Multiple Vulnerabilities

According to its banner, the version of OpenSSH installed on the remote host has the following vulnerabilities : - X11 forwarding may be enabled unintentionally when multiple forwarding requests are made on the same session, or when an X11 listener is orphaned after a session goes away...

CVE-2005-2798

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts...

CVE-2005-2798

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to...

CVE-2005-2798

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts...

CVE-2005-2798

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts...

OpenSSH < 4.2p1 GSSAPI Authentication Credential Escalation

Binary data 3205.prm...

PT-2005-3678 · Openssh +2 · Openssh +2

Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 4.2 Description: The issue allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods when GSSAPIDelegateCredentials is enabled. This could cause those credentials to be exposed to...

Few OpenSSH vulnerabilities

GatewayPorts option can be incorrectly activated during dynamic port forwarding if no external interface is specified. If GSSAPIDelegateCredentials option is activated user who used different logon type can be delegated with GSSAPI credentials...