CVE-2011-5000

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.

Published : 2012-04-05 14:55 Updated : 2012-07-22 03:33

3.5
CVSS Score More info
Score 3.5 / 10
3.5
Vendor Product Version URI
Openbsd Openssh 3.0.2p1 cpe:/a:openbsd:openssh:3.0.2p1
Openbsd Openssh 3.7.1p2 cpe:/a:openbsd:openssh:3.7.1p2
Openbsd Openssh 3.7.1p1 cpe:/a:openbsd:openssh:3.7.1p1
Openbsd Openssh 3.2.2 cpe:/a:openbsd:openssh:3.2.2
Openbsd Openssh 3.0p1 cpe:/a:openbsd:openssh:3.0p1
Openbsd Openssh 5.5 cpe:/a:openbsd:openssh:5.5
Openbsd Openssh 3.7 cpe:/a:openbsd:openssh:3.7
Openbsd Openssh 5.7 cpe:/a:openbsd:openssh:5.7
Openbsd Openssh 4.0p1 cpe:/a:openbsd:openssh:4.0p1
Openbsd Openssh 3.9 cpe:/a:openbsd:openssh:3.9
Openbsd Openssh 5.6 cpe:/a:openbsd:openssh:5.6
Openbsd Openssh 3.8 cpe:/a:openbsd:openssh:3.8
Openbsd Openssh 5.1 cpe:/a:openbsd:openssh:5.1
Openbsd Openssh 3.3 cpe:/a:openbsd:openssh:3.3
Openbsd Openssh 1.5 cpe:/a:openbsd:openssh:1.5
Openbsd Openssh 5.8 cpe:/a:openbsd:openssh:5.8
Openbsd Openssh 5.3 cpe:/a:openbsd:openssh:5.3
Openbsd Openssh 3.5 cpe:/a:openbsd:openssh:3.5
Openbsd Openssh 5.2 cpe:/a:openbsd:openssh:5.2
Openbsd Openssh 4.4p1 cpe:/a:openbsd:openssh:4.4p1
Openbsd Openssh 3.4 cpe:/a:openbsd:openssh:3.4
Openbsd Openssh 3.6.1p2 cpe:/a:openbsd:openssh:3.6.1p2
Openbsd Openssh 3.9.1 cpe:/a:openbsd:openssh:3.9.1
Openbsd Openssh 1.5.8 cpe:/a:openbsd:openssh:1.5.8
Openbsd Openssh 1.5.7 cpe:/a:openbsd:openssh:1.5.7
Openbsd Openssh 4.5 cpe:/a:openbsd:openssh:4.5
Openbsd Openssh 4.3p1 cpe:/a:openbsd:openssh:4.3p1
Openbsd Openssh 4.0 cpe:/a:openbsd:openssh:4.0
Openbsd Openssh 4.1p1 cpe:/a:openbsd:openssh:4.1p1
Openbsd Openssh 4.1 cpe:/a:openbsd:openssh:4.1
Openbsd Openssh 3.2.2p1 cpe:/a:openbsd:openssh:3.2.2p1
Openbsd Openssh 3.7.1 cpe:/a:openbsd:openssh:3.7.1
Openbsd Openssh 3.6.1p1 cpe:/a:openbsd:openssh:3.6.1p1
Openbsd Openssh 3.3p1 cpe:/a:openbsd:openssh:3.3p1
Openbsd Openssh 3.0.1p1 cpe:/a:openbsd:openssh:3.0.1p1
Openbsd Openssh 3.1p1 cpe:/a:openbsd:openssh:3.1p1
Openbsd Openssh 3.5p1 cpe:/a:openbsd:openssh:3.5p1
Openbsd Openssh 1.2.1 cpe:/a:openbsd:openssh:1.2.1
Openbsd Openssh 1.2.3 cpe:/a:openbsd:openssh:1.2.3
Openbsd Openssh 1.2.2 cpe:/a:openbsd:openssh:1.2.2
Openbsd Openssh 4.6 cpe:/a:openbsd:openssh:4.6
Openbsd Openssh 4.8 cpe:/a:openbsd:openssh:4.8
Openbsd Openssh 4.7 cpe:/a:openbsd:openssh:4.7
Openbsd Openssh 4.2 cpe:/a:openbsd:openssh:4.2
Openbsd Openssh 4.9 cpe:/a:openbsd:openssh:4.9
Openbsd Openssh 4.3p2 cpe:/a:openbsd:openssh:4.3p2
Openbsd Openssh 4.4 cpe:/a:openbsd:openssh:4.4
Openbsd Openssh 4.3 cpe:/a:openbsd:openssh:4.3
Openbsd Openssh 3.8.1 cpe:/a:openbsd:openssh:3.8.1
Openbsd Openssh 4.2p1 cpe:/a:openbsd:openssh:4.2p1
Openbsd Openssh 5.4 cpe:/a:openbsd:openssh:5.4
Openbsd Openssh 3.6 cpe:/a:openbsd:openssh:3.6
Openbsd Openssh 3.1 cpe:/a:openbsd:openssh:3.1
Openbsd Openssh 1.3 cpe:/a:openbsd:openssh:1.3
Openbsd Openssh 3.9.1p1 cpe:/a:openbsd:openssh:3.9.1p1
Openbsd Openssh 3.0 cpe:/a:openbsd:openssh:3.0
Openbsd Openssh 1.2 cpe:/a:openbsd:openssh:1.2
Openbsd Openssh 3.2.3p1 cpe:/a:openbsd:openssh:3.2.3p1
Openbsd Openssh 5.0 cpe:/a:openbsd:openssh:5.0
Openbsd Openssh 3.2 cpe:/a:openbsd:openssh:3.2
Openbsd Openssh 3.0.1 cpe:/a:openbsd:openssh:3.0.1
Openbsd Openssh 3.0.2 cpe:/a:openbsd:openssh:3.0.2
Openbsd Openssh 3.4p1 cpe:/a:openbsd:openssh:3.4p1
Openbsd Openssh 3.6.1 cpe:/a:openbsd:openssh:3.6.1
Openbsd Openssh 3.8.1p1 cpe:/a:openbsd:openssh:3.8.1p1
Openbsd Openssh 1.2.27 cpe:/a:openbsd:openssh:1.2.27
  1. Openbsd (1) Search CVE
    1. Openssh (66) Search CVE
      1. 3.0.2p1
      2. 3.7.1p2
      3. 3.7.1p1
      4. 3.2.2
      5. 3.0p1
      6. 5.5
      7. 3.7
      8. 5.7
      9. 4.0p1
      10. 3.9
      11. 5.6
      12. 3.8
      13. 5.1
      14. 3.3
      15. 1.5
      16. 5.8
      17. 5.3
      18. 3.5
      19. 5.2
      20. 4.4p1
      21. 3.4
      22. 3.6.1p2
      23. 3.9.1
      24. 1.5.8
      25. 1.5.7
      26. 4.5
      27. 4.3p1
      28. 4.0
      29. 4.1p1
      30. 4.1
      31. 3.2.2p1
      32. 3.7.1
      33. 3.6.1p1
      34. 3.3p1
      35. 3.0.1p1
      36. 3.1p1
      37. 3.5p1
      38. 1.2.1
      39. 1.2.3
      40. 1.2.2
      41. 4.6
      42. 4.8
      43. 4.7
      44. 4.2
      45. 4.9
      46. 4.3p2
      47. 4.4
      48. 4.3
      49. 3.8.1
      50. 4.2p1
      51. 5.4
      52. 3.6
      53. 3.1
      54. 1.3
      55. 3.9.1p1
      56. 3.0
      57. 1.2
      58. 3.2.3p1
      59. 5.0
      60. 3.2
      61. 3.0.1
      62. 3.0.2
      63. 3.4p1
      64. 3.6.1
      65. 3.8.1p1
      66. 1.2.27

CWE

ID Name Description Links
CWE-189 Numeric Errors Weaknesses in this category are related to improper calculation or conversion of numbers. CVE

History of changes

Date Event
2012-04-05 14:55

New CVE