CVE-2006-5051

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

Published : 2006-09-27 23:07 Updated : 2017-10-11 01:31

9.3
CVSS Score More info
Score 9.3 / 10
9.3
Vendor Product Version URI
Openbsd Openssh 3.0p1 cpe:/a:openbsd:openssh:3.0p1
Openbsd Openssh 3.0.1 cpe:/a:openbsd:openssh:3.0.1
Openbsd Openssh 3.0.2 cpe:/a:openbsd:openssh:3.0.2
Openbsd Openssh 3.4p1 cpe:/a:openbsd:openssh:3.4p1
Openbsd Openssh 3.2.2 cpe:/a:openbsd:openssh:3.2.2
Openbsd Openssh 3.6.1 cpe:/a:openbsd:openssh:3.6.1
Openbsd Openssh 3.8.1p1 cpe:/a:openbsd:openssh:3.8.1p1
Openbsd Openssh 1.2.27 cpe:/a:openbsd:openssh:1.2.27
Openbsd Openssh 3.0.2p1 cpe:/a:openbsd:openssh:3.0.2p1
Openbsd Openssh 2.1.1 cpe:/a:openbsd:openssh:2.1.1
Openbsd Openssh 2.9p1 cpe:/a:openbsd:openssh:2.9p1
Openbsd Openssh 2.9p2 cpe:/a:openbsd:openssh:2.9p2
Openbsd Openssh 2.5.2 cpe:/a:openbsd:openssh:2.5.2
Openbsd Openssh 2.5.1 cpe:/a:openbsd:openssh:2.5.1
Openbsd Openssh 1.2 cpe:/a:openbsd:openssh:1.2
Openbsd Openssh 3.0 cpe:/a:openbsd:openssh:3.0
Openbsd Openssh 3.9.1p1 cpe:/a:openbsd:openssh:3.9.1p1
Openbsd Openssh 3.2 cpe:/a:openbsd:openssh:3.2
Openbsd Openssh 3.1 cpe:/a:openbsd:openssh:3.1
Openbsd Openssh 3.8 cpe:/a:openbsd:openssh:3.8
Openbsd Openssh 3.7 cpe:/a:openbsd:openssh:3.7
Openbsd Openssh 3.9 cpe:/a:openbsd:openssh:3.9
Openbsd Openssh 3.4 cpe:/a:openbsd:openssh:3.4
Openbsd Openssh 3.3 cpe:/a:openbsd:openssh:3.3
Openbsd Openssh 3.6 cpe:/a:openbsd:openssh:3.6
Openbsd Openssh 3.5 cpe:/a:openbsd:openssh:3.5
Openbsd Openssh 3.9.1 cpe:/a:openbsd:openssh:3.9.1
Openbsd Openssh 2.9.9p2 cpe:/a:openbsd:openssh:2.9.9p2
Openbsd Openssh 3.2.2p1 cpe:/a:openbsd:openssh:3.2.2p1
Openbsd Openssh 4.3p1 cpe:/a:openbsd:openssh:4.3p1
Openbsd Openssh 4.1p1 cpe:/a:openbsd:openssh:4.1p1
Openbsd Openssh 3.6.1p2 cpe:/a:openbsd:openssh:3.6.1p2
Openbsd Openssh 3.6.1p1 cpe:/a:openbsd:openssh:3.6.1p1
Openbsd Openssh 3.1p1 cpe:/a:openbsd:openssh:3.1p1
Openbsd Openssh 3.3p1 cpe:/a:openbsd:openssh:3.3p1
Openbsd Openssh 3.5p1 cpe:/a:openbsd:openssh:3.5p1
Openbsd Openssh 3.7.1p2 cpe:/a:openbsd:openssh:3.7.1p2
Openbsd Openssh 3.7.1p1 cpe:/a:openbsd:openssh:3.7.1p1
Openbsd Openssh 3.7.1 cpe:/a:openbsd:openssh:3.7.1
Openbsd Openssh 3.0.1p1 cpe:/a:openbsd:openssh:3.0.1p1
Openbsd Openssh 2.1 cpe:/a:openbsd:openssh:2.1
Openbsd Openssh 2.3 cpe:/a:openbsd:openssh:2.3
Openbsd Openssh 2.2 cpe:/a:openbsd:openssh:2.2
Openbsd Openssh 4.0 cpe:/a:openbsd:openssh:4.0
Openbsd Openssh 1.2.1 cpe:/a:openbsd:openssh:1.2.1
Openbsd Openssh 1.2.2 cpe:/a:openbsd:openssh:1.2.2
Openbsd Openssh 1.2.3 cpe:/a:openbsd:openssh:1.2.3
Openbsd Openssh 2.9 cpe:/a:openbsd:openssh:2.9
Openbsd Openssh 2.9.9 cpe:/a:openbsd:openssh:2.9.9
Openbsd Openssh 2.5 cpe:/a:openbsd:openssh:2.5
Openbsd Openssh 4.3 cpe:/a:openbsd:openssh:4.3
Openbsd Openssh 4.2 cpe:/a:openbsd:openssh:4.2
Openbsd Openssh 3.8.1 cpe:/a:openbsd:openssh:3.8.1
Openbsd Openssh 4.0p1 cpe:/a:openbsd:openssh:4.0p1
Openbsd Openssh 3.2.3p1 cpe:/a:openbsd:openssh:3.2.3p1
Openbsd Openssh 4.2p1 cpe:/a:openbsd:openssh:4.2p1
  1. Openbsd (1) Search CVE
    1. Openssh (56) Search CVE
      1. 3.0p1
      2. 3.0.1
      3. 3.0.2
      4. 3.4p1
      5. 3.2.2
      6. 3.6.1
      7. 3.8.1p1
      8. 1.2.27
      9. 3.0.2p1
      10. 2.1.1
      11. 2.9p1
      12. 2.9p2
      13. 2.5.2
      14. 2.5.1
      15. 1.2
      16. 3.0
      17. 3.9.1p1
      18. 3.2
      19. 3.1
      20. 3.8
      21. 3.7
      22. 3.9
      23. 3.4
      24. 3.3
      25. 3.6
      26. 3.5
      27. 3.9.1
      28. 2.9.9p2
      29. 3.2.2p1
      30. 4.3p1
      31. 4.1p1
      32. 3.6.1p2
      33. 3.6.1p1
      34. 3.1p1
      35. 3.3p1
      36. 3.5p1
      37. 3.7.1p2
      38. 3.7.1p1
      39. 3.7.1
      40. 3.0.1p1
      41. 2.1
      42. 2.3
      43. 2.2
      44. 4.0
      45. 1.2.1
      46. 1.2.2
      47. 1.2.3
      48. 2.9
      49. 2.9.9
      50. 2.5
      51. 4.3
      52. 4.2
      53. 3.8.1
      54. 4.0p1
      55. 3.2.3p1
      56. 4.2p1

CWE

ID Name Description Links
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. CVE

References

Source Link
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/29254
FREEBSD ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc
SGI ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
CONFIRM http://docs.info.apple.com/article.html?artnum=305214
APPLE http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
MLIST http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html
MLIST http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
CONFIRM http://openssh.org/txt/release-4.4
FREEBSD http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc
GENTOO http://security.gentoo.org/glsa/glsa-200611-06.xml
SECTRACK http://securitytracker.com/id?1016940
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566
CONFIRM http://sourceforge.net/forum/forum.php?forum_id=681763
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm
MLIST http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html
CONFIRM http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf
CONFIRM http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf
DEBIAN http://www.debian.org/security/2006/dsa-1189
DEBIAN http://www.debian.org/security/2006/dsa-1212
CERT-VN http://www.kb.cert.org/vuls/id/851340
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:179
SUSE http://www.novell.com/linux/security/advisories/2006_62_openssh.html
OPENBSD http://www.openbsd.org/errata.html#ssh
OPENPKG http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html
REDHAT http://www.redhat.com/support/errata/RHSA-2006-0697.html
REDHAT http://www.redhat.com/support/errata/RHSA-2006-0698.html
BID http://www.securityfocus.com/bid/20241
UBUNTU http://www.ubuntu.com/usn/usn-355-1
CERT http://www.us-cert.gov/cas/techalerts/TA07-072A.html
CONFIRM http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
CONFIRM http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
VUPEN http://www.vupen.com/english/advisories/2006/4018
VUPEN http://www.vupen.com/english/advisories/2006/4329
VUPEN http://www.vupen.com/english/advisories/2007/0930
VUPEN http://www.vupen.com/english/advisories/2007/1332

History of changes

Date Event
2017-07-20 05:59
2006-09-27 23:07

New CVE