|
OpenSSH Signal Handling Vulnerability and User Enumeration Weakness
|
|
|
|
|
Secunia Advisory:
|
SA22173
|
|
|
Release Date:
|
2006-09-29
|
|
Last Update:
|
2007-11-08
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Exposure of system information
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | OpenSSH 3.x
OpenSSH 4.x
|
| | CVE reference: | CVE-2006-5051 (Secunia mirror)
CVE-2006-5052 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
A vulnerability and a weakness have been reported in OpenSSH, which can be exploited by malicious people to disclose certain system information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
1) A race condition exists within the signal handling. This can be exploited to crash the OpenSSH server and potentially allows the execution of arbitrary code.
The vulnerability is reported in version 4.3. Prior versions may also be affected.
2) An error in the processing of GSSAPI authentication requests can be exploited to determine if a username is valid.
The weakness is reported in versions prior to 4.4.
Solution:
Update to OpenSSH 4.4.
Provided and/or discovered by:
1) Mark Dowd
Changelog:
2006-09-29: Added CVE reference.
2006-10-05: Added US-CERT reference.
2007-11-08: Updated "Description" section.
Original Advisory:
http://openssh.org/txt/release-4.4
Other References:
http://rhn.redhat.com/errata/RHSA-2006-0697.html
US-CERT VU#851340:
http://www.kb.cert.org/vuls/id/851340
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
12 Related Secunia Security Advisories, displaying 10
|
|
|
1. OpenSSH "X11UseLocalhost" X11 Forwarding Security Issue
|
|
2. OpenSSH ForceCommand Bypass Weakness
|
|
3. OpenSSH X11 Forwarding Information Disclosure Vulnerability
|
|
4. OpenSSH Privilege Separation Monitor Weakness
|
|
5. OpenSSH Identical Blocks Denial of Service Vulnerability
|
|
6. OpenSSH scp Command Line Shell Command Injection
|
|
7. OpenSSH Two Security Issues
|
|
8. OpenSSH PAM implementation Vulnerability
|
|
9. OpenSSH "buffer_append_space()" Buffer Management Vulnerability
|
|
10. OpenSSH IP address restriction bypass
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
