Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information
Name: CVE-2011-5000
First vendor Publication: 2012-04-05
Vendor: Cve
Last vendor Modification: 2012-07-21

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)
Cvss Base Score: 3.5
Cvss Impact Score: 2.9
Cvss Exploit Score: 6.8
Attack Range: Network
Attack Complexity: Medium
Authentication: Requires single instance

Detail

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5000

CWE : Common Weakness Enumeration

Id: CWE-189
Name: Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:21581
Title: RHSA-2012:0884: openssh security, bug fix, and enhancement update (Low)
Description: The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
Family: unix
Class: patch
Reference(s): RHSA-2012:0884-04, CESA-2012:0884, CVE-2011-5000
Version: 4
Platform(s): Red Hat Enterprise Linux 6, CentOS Linux 6
Product(s): openssh

Oval ID: oval:org.mitre.oval:def:23663
Title: ELSA-2012:0884: openssh security, bug fix, and enhancement update (Low)
Description: The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
Family: unix
Class: patch
Reference(s): ELSA-2012:0884-04, CVE-2011-5000
Version: 6
Platform(s): Oracle Linux 6
Product(s): openssh

Oval ID: oval:org.mitre.oval:def:27843
Title: ELSA-2012-0884 -- openssh security, bug fix, and enhancement update (low)
Description:
[5.3p1-81]
- fixes in openssh-5.3p1-required-authentications.patch (#657378)
[5.3p1-79]
- fix forward on non-localhost ports with IPv6 (#732955)
[5.3p1-78]
- clear SELinux exec context before exec passwd (#814691)
[5.3p1-77]
- prevent post-auth resource exhaustion (#809938)
[5.3p1-76]
- don't escape backslash in a banner (#809619)
[5.3p1-75]
- fix various issues in openssh-5.3p1-required-authentications.patch (#805901)
[5.3p1-74]
- fix out-of-memory killer patch (#744236)
[5.3p1-73]
- remove openssh-4.3p2-no-v6only.patch (#732955)
- adjust Linux out-of-memory killer (#744236)
- fix sshd init script - check existence of crypto (#797384)
- add RequiredAuthentications[12] (#657378)
- run privsep slave process as the user's SELinux context (#798241)
[5.3p1-72]
- drop CAVS test driver (#782091)
[5.3p1-71]
- enable aes-ctr ciphers use the EVP engines from OpenSSL such as the AES-NI (#756929)
- add CAVS test driver for the aes-ctr ciphers (#782091)
Family: unix
Class: patch
Reference(s): ELSA-2012-0884, CVE-2011-5000
Version: 3
Platform(s): Oracle Linux 6
Product(s): openssh

CPE : Common Platform Enumeration

Type: Application
Count: 66

OpenVAS Exploits

Date: 2012-07-30
Name: CentOS Update for openssh CESA-2012:0884 centos6
File: nvt/gb_CESA-2012_0884_openssh_centos6.nasl

Date: 2012-06-22
Name: RedHat Update for openssh RHSA-2012:0884-04
File: nvt/gb_RHSA-2012_0884-04_openssh.nasl

Nessus® Vulnerability Scanner

Date: 2014-05-12
Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201405-06.nasl
Type: ACT_GATHER_INFO

Date: 2013-09-04
Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2012-99.nasl
Type: ACT_GATHER_INFO

Date: 2013-07-12
Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2012-0884.nasl
Type: ACT_GATHER_INFO

Date: 2013-01-25
Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_openssh-120813.nasl
Type: ACT_GATHER_INFO

Date: 2012-08-28
Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_openssh-8248.nasl
Type: ACT_GATHER_INFO

Date: 2012-08-01
Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20120620_openssh_on_SL6_x.nasl
Type: ACT_GATHER_INFO

Date: 2012-07-11
Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2012-0884.nasl
Type: ACT_GATHER_INFO

Date: 2012-06-20
Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-0884.nasl
Type: ACT_GATHER_INFO

Date: 2011-11-18
Name: The SSH server on the remote host has multiple denial of service vulnerabilit...
File: openssh_59.nasl
Type: ACT_GATHER_INFO

Internal Sources (Detail)

FULLDISC: http://seclists.org/fulldisclosure/2011/Aug/2
MISC: http://site.pi3.com.pl/adv/ssh_1.txt
REDHAT: http://rhn.redhat.com/errata/RHSA-2012-0884.html

Alert History

Date: 2014-05-13 13:24:58
  • Multiple Updates
Date: 2014-02-17 11:06:38
  • Multiple Updates
Date: 2013-05-10 23:12:15
  • Multiple Updates