Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2006-5051 | First vendor Publication | 2006-09-27 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 8.1 | ||
| Base Score | 8.1 | Environmental Score | 8.1 |
| impact SubScore | 5.9 | Temporal Score | 8.1 |
| Exploitabality Sub Score | 2.2 | ||
| Attack Vector | Network | Attack Complexity | High |
| Privileges Required | None | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-415 | Double Free |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:11387 | |||
| Oval ID: | oval:org.mitre.oval:def:11387 | ||
| Title: | Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. | ||
| Description: | Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-5051 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2009-10-10 | Name : SLES9: Security update for OpenSSH File : nvt/sles9p5019505.nasl |
| 2009-03-23 | Name : Ubuntu Update for openssh vulnerabilities USN-649-1 File : nvt/gb_ubuntu_USN_649_1.nasl |
| 2009-02-27 | Name : Fedora Update for openssh FEDORA-2007-395 File : nvt/gb_fedora_2007_395_openssh_fc5.nasl |
| 2008-09-24 | Name : Debian Security Advisory DSA 1638-1 (openssh) File : nvt/deb_1638_1.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200611-06 (openssh) File : nvt/glsa_200611_06.nasl |
| 2008-09-04 | Name : FreeBSD Ports: openssh File : nvt/freebsd_openssh.nasl |
| 2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc) File : nvt/freebsdsa_openssh3.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1189-1 (openssh-krb5) File : nvt/deb_1189_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6)) File : nvt/deb_1212_1.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2006-272-02 openssh File : nvt/esoft_slk_ssa_2006_272_02.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 29264 | OpenSSH Signal Handler Pre-authentication Race Condition Code Execution OpenSSH (portable) contains a flaw that may allow a remote attacker to execute arbitrary code under some circumstances. When configured with GSSAPI authentication, the signal handler is prone to a race condition that could be exploited to conduct a Denial of Service and possibly execute arbitrary code. No further details have been provided. Note: On OpenSSH, this vulnerability can only be leveraged for a remote Denial of Service. The conditions for remote exploitation to execute arbitrary code are considered to be unlikely. |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2012-08-16 | IAVM : 2012-A-0136 - Multiple Vulnerabilities in Juniper Network Management Products Severity : Category I - VMSKEY : V0033662 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-01-28 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL6736.nasl - Type : ACT_GATHER_INFO |
| 2013-09-13 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_2012_1.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0697.nasl - Type : ACT_GATHER_INFO |
| 2011-08-29 | Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-649-1.nasl - Type : ACT_GATHER_INFO |
| 2008-09-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1638.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssh-2184.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-355-1.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_openssh-2183.nasl - Type : ACT_GATHER_INFO |
| 2007-04-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-395.nasl - Type : ACT_GATHER_INFO |
| 2007-03-13 | Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_10_4_9.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-179.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_062.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1011.nasl - Type : ACT_GATHER_INFO |
| 2006-11-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200611-06.nasl - Type : ACT_GATHER_INFO |
| 2006-11-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1212.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1189.nasl - Type : ACT_GATHER_INFO |
| 2006-10-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_32db37a550c311dbacf3000c6ec775d9.nasl - Type : ACT_GATHER_INFO |
| 2006-10-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0697.nasl - Type : ACT_GATHER_INFO |
| 2006-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0697.nasl - Type : ACT_GATHER_INFO |
| 2006-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0698.nasl - Type : ACT_GATHER_INFO |
| 2006-09-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-272-02.nasl - Type : ACT_GATHER_INFO |
| 2006-09-28 | Name : The remote SSH server is affected by multiple vulnerabilities. File : openssh_44.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:19:24 |
|
| 2024-11-28 12:10:09 |
|
| 2024-08-02 17:27:45 |
|
| 2024-08-02 05:28:07 |
|
| 2024-08-02 01:36:28 |
|
| 2024-08-02 01:02:03 |
|
| 2024-07-29 09:27:41 |
|
| 2024-07-29 00:27:42 |
|
| 2024-07-01 21:27:47 |
|
| 2024-02-02 21:28:26 |
|
| 2024-02-02 01:05:02 |
|
| 2024-02-01 12:02:03 |
|
| 2023-09-05 12:04:42 |
|
| 2023-09-05 01:01:54 |
|
| 2023-09-02 12:04:46 |
|
| 2023-09-02 01:01:54 |
|
| 2023-08-12 12:05:37 |
|
| 2023-08-12 01:01:55 |
|
| 2023-08-11 12:04:50 |
|
| 2023-08-11 01:01:57 |
|
| 2023-08-06 12:04:35 |
|
| 2023-08-06 01:01:55 |
|
| 2023-08-04 12:04:41 |
|
| 2023-08-04 01:01:58 |
|
| 2023-07-14 12:04:39 |
|
| 2023-07-14 01:01:56 |
|
| 2023-03-29 01:05:04 |
|
| 2023-03-28 12:02:01 |
|
| 2022-10-11 12:04:07 |
|
| 2022-10-11 01:01:47 |
|
| 2022-08-05 12:03:58 |
|
| 2021-05-04 12:04:39 |
|
| 2021-04-22 01:05:18 |
|
| 2020-07-25 12:02:12 |
|
| 2020-05-23 00:18:28 |
|
| 2017-10-11 09:23:46 |
|
| 2017-07-20 09:23:55 |
|
| 2016-10-18 12:02:06 |
|
| 2016-06-28 15:58:12 |
|
| 2016-04-26 15:08:05 |
|
| 2016-01-29 13:26:20 |
|
| 2014-02-17 10:37:25 |
|
| 2013-11-11 12:37:37 |
|
| 2013-05-11 11:10:41 |
|
