SUSE CVE-2011-5000

The sshgssapiparseename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service memory consumption via a large value in a certain length field. NOTE: there may be limited scenarios in which...

golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference

A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the gssapi-with-mic authentication method and cause the server to panic...

DEBIAN-CVE-2011-5000

The sshgssapiparseename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service memory consumption via a large value in a certain length field. NOTE: there may be limited scenarios in which...

CVE-2011-5000

The sshgssapiparseename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service memory consumption via a large value in a certain length field. NOTE: there may be limited scenarios in which...

CVE-2011-5000

OpenSSH

OpenSSH < 5.9 Multiple DoS

According to its banner, the version of OpenSSH running on the remote host is prior to version 5.9. Such versions are affected by multiple denial of service vulnerabilities : - A denial of service vulnerability exists in the gss-serv.c 'sshgssapiparseename' function. A remote attacker may be able...