Vulnerability Note VU#851340
OpenSSH contains a race condition vulnerability
A race condition vulnerability exists in the OpenSSH daemon. Successful exploitation of this vulnerability may result in a denial-of-service condition.
OpenSSH is an open source client and server implementation of the Secure Shell (SSH) protocol.
The OpenSSH server includes the ability to authenticate via the Generic Security Services Application Programming Interface (GSSAPI). Versions of OpenSSH prior to 4.4 contain a race condition in a signal handler during a logging operation prior to user authentication.
A remote, unauthenticated attacker may be able to cause the OpenSSH server to crash, thereby creating a denial-of-service condition
See the systems affected section of this document for information about specific vendors. Users who compile OpenSSH from source are encouraged to update to the most recent version.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||-||13 Mar 2007|
|FreeBSD, Inc.||Affected||-||04 Oct 2006|
|Red Hat, Inc.||Affected||-||03 Oct 2006|
|Ubuntu||Affected||-||03 Oct 2006|
|OpenSSH||Unknown||-||03 Oct 2006|
CVSS Metrics (Learn More)
OpenSSH credits Mark Dowd for reporting this vulnerability.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2006-5051
- Date Public: 29 Sep 2006
- Date First Published: 04 Oct 2006
- Date Last Updated: 13 Mar 2007
- Severity Metric: 1.66
- Document Revision: 34
If you have feedback, comments, or additional information about this vulnerability, please send us email.