CVE-2011-5000Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-5000 | First vendor Publication | 2012-04-05 |
| Vendor | Cve | Last vendor Modification | 2012-07-21 |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:S/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 3.5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 6.8 | Authentification | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5000 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-189 | Numeric Errors |
CPE : Common Platform Enumeration
Internal Sources (Detail)
| Source | Url |
|---|---|
| FULLDISC | http://seclists.org/fulldisclosure/2011/Aug/2 |
| MISC | http://site.pi3.com.pl/adv/ssh_1.txt |
| REDHAT | http://rhn.redhat.com/errata/RHSA-2012-0884.html |
Alert History
| Date | Informations |
|---|---|
| 2013-05-10 23:12:15 |
|
(Low)
