Vulnerability-Lookup

CVE-2006-5051 (GCVE-0-2006-5051)

Vulnerability from cvelistv5 – Published: 2006-09-28 03:00 – Updated: 2024-08-07 19:32

Summary

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://security.freebsd.org/advisories/FreeBSD-SA…	vendor-advisory
	http://sourceforge.net/forum/forum.php?forum_id=681763
	http://secunia.com/advisories/22270	third-party-advisory
	http://www.arkoon.fr/upload/alertes/43AK-2006-09-…
	http://www.ubuntu.com/usn/usn-355-1	vendor-advisory
	http://lists.freebsd.org/pipermail/freebsd-securi…	mailing-list
	http://www.vmware.com/support/vi3/doc/esx-3069097…
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignature
	http://openssh.org/txt/release-4.4
	http://secunia.com/advisories/24805	third-party-advisory
	http://www.kb.cert.org/vuls/id/851340	third-party-advisory
	http://www.openbsd.org/errata.html#ssh	vendor-advisory
	http://secunia.com/advisories/22487	third-party-advisory
	http://www.us-cert.gov/cas/techalerts/TA07-072A.html	third-party-advisory
	http://www.arkoon.fr/upload/alertes/36AK-2006-07-…
	http://security.gentoo.org/glsa/glsa-200611-06.xml	vendor-advisory
	http://www.novell.com/linux/security/advisories/2…	vendor-advisory
	http://secunia.com/advisories/22362	third-party-advisory
	http://secunia.com/advisories/23680	third-party-advisory
	http://lists.apple.com/archives/security-announce…	vendor-advisory
	http://docs.info.apple.com/article.html?artnum=305214
	http://secunia.com/advisories/22352	third-party-advisory
	http://www.vupen.com/english/advisories/2006/4329	vdb-entry
	http://secunia.com/advisories/22236	third-party-advisory
	http://secunia.com/advisories/24799	third-party-advisory
	http://www.vupen.com/english/advisories/2006/4018	vdb-entry
	http://secunia.com/advisories/22495	third-party-advisory
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entry
	http://www.securityfocus.com/bid/20241	vdb-entry
	http://www.vupen.com/english/advisories/2007/1332	vdb-entry
	http://www.osvdb.org/29264	vdb-entry
	http://secunia.com/advisories/22823	third-party-advisory
	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories…	vendor-advisory
	http://slackware.com/security/viewer.php?l=slackw…	vendor-advisory
	http://www.redhat.com/support/errata/RHSA-2006-06…	vendor-advisory
	http://www.openpkg.org/security/advisories/OpenPK…	vendor-advisory
	http://secunia.com/advisories/22183	third-party-advisory
	http://marc.info/?l=openssh-unix-dev&m=1159391417…	mailing-list
	http://www.vupen.com/english/advisories/2007/0930	vdb-entry
	http://www-unix.globus.org/mail_archive/security-…	mailing-list
	http://secunia.com/advisories/22926	third-party-advisory
	http://secunia.com/advisories/22173	third-party-advisory
	http://securitytracker.com/id?1016940	vdb-entry
	http://secunia.com/advisories/22208	third-party-advisory
	http://www.vmware.com/support/vi3/doc/esx-9986131…
	http://secunia.com/advisories/22245	third-party-advisory
	ftp://patches.sgi.com/support/free/security/advis…	vendor-advisory
	http://secunia.com/advisories/22196	third-party-advisory
	http://www.debian.org/security/2006/dsa-1212	vendor-advisory
	http://www.redhat.com/support/errata/RHSA-2006-06…	vendor-advisory
	http://secunia.com/advisories/22158	third-party-advisory
	http://www.mandriva.com/security/advisories?name=…	vendor-advisory
	http://www.debian.org/security/2006/dsa-1189	vendor-advisory
	http://support.avaya.com/elmodocs2/security/ASA-2…
	http://secunia.com/advisories/24479	third-party-advisory
	http://www.openwall.com/lists/oss-security/2024/07/01/3	mailing-list
	http://www.openwall.com/lists/oss-security/2024/07/28/3	mailing-list
	https://www.openwall.com/lists/oss-security/2024/…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:32:23.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FreeBSD-SA-06:22",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
          },
          {
            "name": "22270",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22270"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf"
          },
          {
            "name": "USN-355-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-355-1"
          },
          {
            "name": "[freebsd-security] 20061002 FreeBSD Security Advisory FreeBSD-SA-06:22.openssh",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11387",
            "tags": [
              "vdb-entry",
              "signature",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://openssh.org/txt/release-4.4"
          },
          {
            "name": "24805",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24805"
          },
          {
            "name": "VU#851340",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/851340"
          },
          {
            "name": "[2.9] 015: SECURITY FIX: October 12, 2006",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/errata.html#ssh"
          },
          {
            "name": "22487",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "name": "TA07-072A",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf"
          },
          {
            "name": "GLSA-200611-06",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
          },
          {
            "name": "SUSE-SA:2006:062",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
          },
          {
            "name": "22362",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22362"
          },
          {
            "name": "23680",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "name": "APPLE-SA-2007-03-13",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=305214"
          },
          {
            "name": "22352",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22352"
          },
          {
            "name": "ADV-2006-4329",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "name": "22236",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22236"
          },
          {
            "name": "24799",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24799"
          },
          {
            "name": "ADV-2006-4018",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4018"
          },
          {
            "name": "22495",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22495"
          },
          {
            "name": "openssh-signal-handler-race-condition(29254)",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29254"
          },
          {
            "name": "20241",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20241"
          },
          {
            "name": "ADV-2007-1332",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1332"
          },
          {
            "name": "29264",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/29264"
          },
          {
            "name": "22823",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22823"
          },
          {
            "name": "FreeBSD-SA-06:22.openssh",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"
          },
          {
            "name": "SSA:2006-272-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
          },
          {
            "name": "RHSA-2006:0697",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
          },
          {
            "name": "OpenPKG-SA-2006.022",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
          },
          {
            "name": "22183",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22183"
          },
          {
            "name": "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
          },
          {
            "name": "ADV-2007-0930",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0930"
          },
          {
            "name": "[security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
          },
          {
            "name": "22926",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22926"
          },
          {
            "name": "22173",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22173"
          },
          {
            "name": "1016940",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016940"
          },
          {
            "name": "22208",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22208"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "name": "22245",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22245"
          },
          {
            "name": "20061001-01-P",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
          },
          {
            "name": "22196",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22196"
          },
          {
            "name": "DSA-1212",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1212"
          },
          {
            "name": "RHSA-2006:0698",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
          },
          {
            "name": "22158",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22158"
          },
          {
            "name": "MDKSA-2006:179",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
          },
          {
            "name": "DSA-1189",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1189"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
          },
          {
            "name": "24479",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24479"
          },
          {
            "name": "[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH\u0027s server, on glibc-based Linux systems",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
          },
          {
            "name": "[oss-security] 20240728 Re: Announce: OpenSSH 9.8 released",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2024/07/28/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-27T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-29T04:34:17.921Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FreeBSD-SA-06:22",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
        },
        {
          "url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
        },
        {
          "name": "22270",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/22270"
        },
        {
          "url": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf"
        },
        {
          "name": "USN-355-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/usn-355-1"
        },
        {
          "name": "[freebsd-security] 20061002 FreeBSD Security Advisory FreeBSD-SA-06:22.openssh",
          "tags": [
            "mailing-list"
          ],
          "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html"
        },
        {
          "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11387",
          "tags": [
            "vdb-entry",
            "signature"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387"
        },
        {
          "url": "http://openssh.org/txt/release-4.4"
        },
        {
          "name": "24805",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/24805"
        },
        {
          "name": "VU#851340",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://www.kb.cert.org/vuls/id/851340"
        },
        {
          "name": "[2.9] 015: SECURITY FIX: October 12, 2006",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.openbsd.org/errata.html#ssh"
        },
        {
          "name": "22487",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/22487"
        },
        {
          "name": "TA07-072A",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
        },
        {
          "url": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf"
        },
        {
          "name": "GLSA-200611-06",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
        },
        {
          "name": "SUSE-SA:2006:062",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
        },
        {
          "name": "22362",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/22362"
        },
        {
          "name": "23680",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/23680"
        },
        {
          "name": "APPLE-SA-2007-03-13",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
        },
        {
          "url": "http://docs.info.apple.com/article.html?artnum=305214"
        },
        {
          "name": "22352",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/22352"
        },
        {
          "name": "ADV-2006-4329",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4329"
        },
        {
          "name": "22236",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/22236"
        },
        {
          "name": "24799",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/24799"
        },
        {
          "name": "ADV-2006-4018",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4018"
        },
        {
          "name": "22495",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/22495"
        },
        {
          "name": "openssh-signal-handler-race-condition(29254)",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29254"
        },
        {
          "name": "20241",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/20241"
        },
        {
          "name": "ADV-2007-1332",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1332"
        },
        {
          "name": "29264",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.osvdb.org/29264"
        },
        {
          "name": "22823",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/22823"
        },
        {
          "name": "FreeBSD-SA-06:22.openssh",
          "tags": [
            "vendor-advisory"
          ],
          "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"
        },
        {
          "name": "SSA:2006-272-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
        },
        {
          "name": "RHSA-2006:0697",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
        },
        {
          "name": "OpenPKG-SA-2006.022",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
        },
        {
          "name": "22183",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/22183"
        },
        {
          "name": "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released",
          "tags": [
            "mailing-list"
          ],
          "url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
        },
        {
          "name": "ADV-2007-0930",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0930"
        },
        {
          "name": "[security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
        },
        {
          "name": "22926",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/22926"
        },
        {
          "name": "22173",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/22173"
        },
        {
          "name": "1016940",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://securitytracker.com/id?1016940"
        },
        {
          "name": "22208",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/22208"
        },
        {
          "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
        },
        {
          "name": "22245",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/22245"
        },
        {
          "name": "20061001-01-P",
          "tags": [
            "vendor-advisory"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
        },
        {
          "name": "22196",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/22196"
        },
        {
          "name": "DSA-1212",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1212"
        },
        {
          "name": "RHSA-2006:0698",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
        },
        {
          "name": "22158",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/22158"
        },
        {
          "name": "MDKSA-2006:179",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
        },
        {
          "name": "DSA-1189",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1189"
        },
        {
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
        },
        {
          "name": "24479",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://secunia.com/advisories/24479"
        },
        {
          "name": "[oss-security] 20240701 CVE-2024-6387: RCE in OpenSSH\u0027s server, on glibc-based Linux systems",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
        },
        {
          "name": "[oss-security] 20240728 Re: Announce: OpenSSH 9.8 released",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2024/07/28/3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-5051",
    "datePublished": "2006-09-28T03:00:00.000Z",
    "dateReserved": "2006-09-27T04:00:00.000Z",
    "dateUpdated": "2024-08-07T19:32:23.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2024-AVI-0811

Vulnerability from certfr_avis - Published: 2024-09-25 - Updated: 2024-09-25

De multiples vulnérabilités ont été découvertes dans les produits Trend Micro. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur indique que les versions 5.8.x à 6.5.x de Deep Discovery Inspector sont affectées par les vulnérabilités CVE-2024-46902 et CVE-2024-46903 mais ne bénéficieront pas de correctifs de sécurité. Deep Discovery Inspector et Deep Discovery Email Inspector sont affectés par la vulnérabilité CVE-2024-6387; il est nécessaire de contacter l'éditeur pour accéder aux correctifs.

Impacted products

Vendor	Product	Description
Trend Micro	Service Gateway	Service Gateway versions antérieures à 3.0.10
Trend Micro	Deep Discovery Inspector	Deep Discovery Inspector versions 6.7.x antérieures à 6.7 Cp 1107
Trend Micro	Deep Discovery Inspector	Deep Discovery Inspector versions 6.6.x antérieures à 6.6 Cp 1097
Trend Micro	Trend Micro Web Gateway	Trend Micro Web Gateway versions antérieures à 3.9.5.5840
Trend Micro	Deep Discovery Mail Inspector	Deep Discovery Email Inspector sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Trend Micro KA-0017793	2024-09-16	vendor-advisory
Bulletin de sécurité Trend Micro KA-0016976	2024-09-05	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Service Gateway versions ant\u00e9rieures \u00e0 3.0.10",
      "product": {
        "name": "Service Gateway",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Deep Discovery Inspector versions 6.7.x ant\u00e9rieures \u00e0 6.7 Cp 1107",
      "product": {
        "name": "Deep Discovery Inspector",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Deep Discovery Inspector versions 6.6.x ant\u00e9rieures \u00e0 6.6 Cp 1097",
      "product": {
        "name": "Deep Discovery Inspector",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Trend Micro Web Gateway\t versions ant\u00e9rieures \u00e0 3.9.5.5840",
      "product": {
        "name": "Trend Micro Web Gateway",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    },
    {
      "description": "Deep Discovery Email Inspector sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Deep Discovery Mail Inspector",
        "vendor": {
          "name": "Trend Micro",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que les versions 5.8.x \u00e0 6.5.x de Deep Discovery Inspector sont affect\u00e9es par les vuln\u00e9rabilit\u00e9s CVE-2024-46902 et CVE-2024-46903 mais ne b\u00e9n\u00e9ficieront pas de correctifs de s\u00e9curit\u00e9. \nDeep Discovery Inspector et Deep Discovery Email Inspector sont affect\u00e9s par la vuln\u00e9rabilit\u00e9 CVE-2024-6387; il est n\u00e9cessaire de contacter l\u0027\u00e9diteur pour acc\u00e9der aux correctifs. ",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-46903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46903"
    },
    {
      "name": "CVE-2024-46902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46902"
    },
    {
      "name": "CVE-2006-5051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5051"
    },
    {
      "name": "CVE-2024-6387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
    },
    {
      "name": "CVE-2008-4109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4109"
    }
  ],
  "initial_release_date": "2024-09-25T00:00:00",
  "last_revision_date": "2024-09-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0811",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Trend Micro. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Trend Micro",
  "vendor_advisories": [
    {
      "published_at": "2024-09-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0017793",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0017793"
    },
    {
      "published_at": "2024-09-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0016976",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0016976"
    }
  ]
}

CERTA-2007-AVI-124

Vulnerability from certfr_avis - Published: 2007-03-14 - Updated: 2007-03-14

Plusieurs vulnérabilités affectent MacOS X. Les plus graves permettent à une personne malintentionnée d'exécuter du code arbitraire à distance.

Description

Plusieurs composants de MacOS X sont sujets à des vulnérabilités, les plus graves permettant à un attaquant distant d'exécuter du code arbitraire.

Les composants impactés sont : ColorSync (CVE-2007-0719), CoreGraphics, Crash Reporter (CVE-2007-0467), CUPS (CVE-2007-0720), Disk Images (CVE-2007-0721, CVE-2007-0722, CVE-2006-6061, CVE-2006-6062, CVE-2006-5679, CVE-2007-0229, CVE-2007-0267, CVE-2007-0299), DS Plug-Ins (CVE-2007-0723), Flash Player (CVE-2006-5330), GNU Tar (CVE-2006-0300, CVE-2006-6097), HFS (CVE-2007-0318), HID Family (CVE-2007-0724), ImageIO (CVE-2007-1071, CVE-2007-0733), Kernel (CVE-2006-5836, CVE-2006-6129, CVE-2006-6173), MySQL Server (CVE-2006-1516, CVE-2006-1517, CVE-2006-2753, CVE-2006-3081, CVE-2006-4031, CVE-2006-4226, CVE-2006-3469), Networking (CVE-2006-6130, CVE-2007-0236), OpenSSH (CVE-2007-0726, CVE-2006-0225, CVE-2006-4924, CVE-2006-5051, CVE-2006-5052), Printing (CVE-2007-0728), QuickDraw Manager (CVE-2007-0588), servermgrd (CVE-2007-0730), SMB File Server (CVE-2007-0731), Software Update (CVE-2007-0463), sudo (CVE-2005-2959), WebLog (CVE-2006-4829).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	macOS	MacOS X 10.3.9 et MacOS X Server 10.3.9 ;
	Apple	macOS	MacOS X 10.4 et MacOS X Server 10.4.

References

Title

Publication Time

Tags

Mise à jour de sécurité 2007-003 de MacOS X	None	vendor-advisory
Bulletin de sécurité Apple du 12 mars 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MacOS X 10.3.9 et MacOS X Server 10.3.9 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "MacOS X 10.4 et MacOS X Server 10.4.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs composants de MacOS X sont sujets \u00e0 des vuln\u00e9rabilit\u00e9s, les\nplus graves permettant \u00e0 un attaquant distant d\u0027ex\u00e9cuter du code\narbitraire.  \n\nLes composants impact\u00e9s sont : ColorSync (CVE-2007-0719), CoreGraphics,\nCrash Reporter (CVE-2007-0467), CUPS (CVE-2007-0720), Disk Images\n(CVE-2007-0721, CVE-2007-0722, CVE-2006-6061, CVE-2006-6062,\nCVE-2006-5679, CVE-2007-0229, CVE-2007-0267, CVE-2007-0299), DS Plug-Ins\n(CVE-2007-0723), Flash Player (CVE-2006-5330), GNU Tar (CVE-2006-0300,\nCVE-2006-6097), HFS (CVE-2007-0318), HID Family (CVE-2007-0724), ImageIO\n(CVE-2007-1071, CVE-2007-0733), Kernel (CVE-2006-5836, CVE-2006-6129,\nCVE-2006-6173), MySQL Server (CVE-2006-1516, CVE-2006-1517,\nCVE-2006-2753, CVE-2006-3081, CVE-2006-4031, CVE-2006-4226,\nCVE-2006-3469), Networking (CVE-2006-6130, CVE-2007-0236), OpenSSH\n(CVE-2007-0726, CVE-2006-0225, CVE-2006-4924, CVE-2006-5051,\nCVE-2006-5052), Printing (CVE-2007-0728), QuickDraw Manager\n(CVE-2007-0588), servermgrd (CVE-2007-0730), SMB File Server\n(CVE-2007-0731), Software Update (CVE-2007-0463), sudo (CVE-2005-2959),\nWebLog (CVE-2006-4829).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-3469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3469"
    },
    {
      "name": "CVE-2006-6061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6061"
    },
    {
      "name": "CVE-2006-2753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2753"
    },
    {
      "name": "CVE-2007-0722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0722"
    },
    {
      "name": "CVE-2007-0229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0229"
    },
    {
      "name": "CVE-2006-6173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6173"
    },
    {
      "name": "CVE-2007-0733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0733"
    },
    {
      "name": "CVE-2006-5836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5836"
    },
    {
      "name": "CVE-2007-0720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0720"
    },
    {
      "name": "CVE-2006-5052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5052"
    },
    {
      "name": "CVE-2006-3081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3081"
    },
    {
      "name": "CVE-2007-0318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0318"
    },
    {
      "name": "CVE-2007-0236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0236"
    },
    {
      "name": "CVE-2006-4829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4829"
    },
    {
      "name": "CVE-2006-1517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1517"
    },
    {
      "name": "CVE-2006-4924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4924"
    },
    {
      "name": "CVE-2005-2959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2959"
    },
    {
      "name": "CVE-2007-0728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0728"
    },
    {
      "name": "CVE-2006-6129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6129"
    },
    {
      "name": "CVE-2007-0267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0267"
    },
    {
      "name": "CVE-2007-0731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0731"
    },
    {
      "name": "CVE-2007-0726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0726"
    },
    {
      "name": "CVE-2006-4226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4226"
    },
    {
      "name": "CVE-2007-0299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0299"
    },
    {
      "name": "CVE-2007-0724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0724"
    },
    {
      "name": "CVE-2007-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1071"
    },
    {
      "name": "CVE-2006-4031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4031"
    },
    {
      "name": "CVE-2007-0588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0588"
    },
    {
      "name": "CVE-2006-1516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1516"
    },
    {
      "name": "CVE-2006-5679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5679"
    },
    {
      "name": "CVE-2007-0721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0721"
    },
    {
      "name": "CVE-2006-6130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6130"
    },
    {
      "name": "CVE-2006-5330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5330"
    },
    {
      "name": "CVE-2007-0730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0730"
    },
    {
      "name": "CVE-2006-0300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0300"
    },
    {
      "name": "CVE-2007-0719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0719"
    },
    {
      "name": "CVE-2006-6062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6062"
    },
    {
      "name": "CVE-2006-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0225"
    },
    {
      "name": "CVE-2006-5051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5051"
    },
    {
      "name": "CVE-2007-0467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0467"
    },
    {
      "name": "CVE-2007-0463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0463"
    },
    {
      "name": "CVE-2006-6097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6097"
    },
    {
      "name": "CVE-2007-0723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0723"
    }
  ],
  "initial_release_date": "2007-03-14T00:00:00",
  "last_revision_date": "2007-03-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 12 mars 2007 :",
      "url": "http://docs.info.apple.com/article.html?artnum=305214"
    }
  ],
  "reference": "CERTA-2007-AVI-124",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent MacOS X. Les plus graves permettent \u00e0\nune personne malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 2007-003 de MacOS X",
      "url": null
    }
  ]
}

CERTA-2007-AVI-026

Vulnerability from certfr_avis - Published: 2007-01-11 - Updated: 2007-01-11

De multiples vulnérabilités ont été corrigées pour les produits VMware ESX Server 2.x et 3.0.x.

Description

De multiples vulnérabilités ont été découvertes dans le produit VMware ESX Server. Celles-ci concernent :

Une mauvaise gestion des droits sur les clés SSL générées par vmware-config (CVE-2006-3589) ;
certaines bibilothèques OpenSSL (CVE-2006-2937, CVE-2006-2940, CVE-2006-4339, CVE-2006-4343, CVE-2006-3738) ;
OpenSSH (CVE-2004-2069, CVE-2006-0225, CVE-2003-0386, CVE-2006-4924, CVE-2006-5051, CVE-2006-5794) ;
un débordement de tampon dans la fonction repr() utilisée par certaines applications en Python (CVE-2006-4980) ;
un problème concernant les fichiers de disques virtuels ( .vmdk ou .dsk ) nouvellement créés, qui contiennent des blocs de fichiers de disques récemment effacés.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	VMware	N/A	VMware ESX Server 3.0.x
	VMware	N/A	VMware ESX Server 2.x.

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2007-0001	2007-01-09	vendor-advisory
Patch pour VMWare ESX Server 2.5.3 :	-	other
Patch pour VMware ESX Server 2.0.2 :	-	other
Patch pour VMware ESX Server 3.0.0 :	-	other
Patch pour VMWare ESX Server 2.1.3 :	-	other
Patch pour VMware ESX Server 2.5.4 :	-	other
Patch pour VMware ESX Server 3.0.1 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESX Server 3.0.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 2.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le produit VMware\nESX Server. Celles-ci concernent :\n\n-   Une mauvaise gestion des droits sur les cl\u00e9s SSL g\u00e9n\u00e9r\u00e9es par\n    vmware-config (CVE-2006-3589) ;\n-   certaines bibiloth\u00e8ques OpenSSL (CVE-2006-2937, CVE-2006-2940,\n    CVE-2006-4339, CVE-2006-4343, CVE-2006-3738) ;\n-   OpenSSH (CVE-2004-2069, CVE-2006-0225, CVE-2003-0386, CVE-2006-4924,\n    CVE-2006-5051, CVE-2006-5794) ;\n-   un d\u00e9bordement de tampon dans la fonction repr() utilis\u00e9e par\n    certaines applications en Python (CVE-2006-4980) ;\n-   un probl\u00e8me concernant les fichiers de disques virtuels ( .vmdk ou\n    .dsk ) nouvellement cr\u00e9\u00e9s, qui contiennent des blocs de fichiers de\n    disques r\u00e9cemment effac\u00e9s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4339"
    },
    {
      "name": "CVE-2006-3589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3589"
    },
    {
      "name": "CVE-2006-2940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2940"
    },
    {
      "name": "CVE-2004-2069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2004-2069"
    },
    {
      "name": "CVE-2006-4924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4924"
    },
    {
      "name": "CVE-2003-0386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0386"
    },
    {
      "name": "CVE-2006-4343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4343"
    },
    {
      "name": "CVE-2006-5794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5794"
    },
    {
      "name": "CVE-2006-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3738"
    },
    {
      "name": "CVE-2006-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0225"
    },
    {
      "name": "CVE-2006-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2937"
    },
    {
      "name": "CVE-2006-5051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5051"
    },
    {
      "name": "CVE-2006-4980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4980"
    }
  ],
  "initial_release_date": "2007-01-11T00:00:00",
  "last_revision_date": "2007-01-11T00:00:00",
  "links": [
    {
      "title": "Patch pour VMWare ESX Server 2.5.3 :",
      "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
    },
    {
      "title": "Patch pour VMware ESX Server 2.0.2 :",
      "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
    },
    {
      "title": "Patch pour VMware ESX Server 3.0.0 :",
      "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
    },
    {
      "title": "Patch pour VMWare ESX Server 2.1.3 :",
      "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
    },
    {
      "title": "Patch pour VMware ESX Server 2.5.4 :",
      "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
    },
    {
      "title": "Patch pour VMware ESX Server 3.0.1 :",
      "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
    }
  ],
  "reference": "CERTA-2007-AVI-026",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-01-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es pour les produits VMware\nESX Server 2.x et 3.0.x.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
  "vendor_advisories": [
    {
      "published_at": "2007-01-09",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2007-0001",
      "url": "None"
    }
  ]
}

CERTFR-2025-AVI-0018

Vulnerability from certfr_avis - Published: 2025-01-09 - Updated: 2025-01-09

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS versions 22.4.x antérieures à 22.4R3-S5
Juniper Networks	Junos Space	Junos Space versions antérieures à 24.1R2
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 21.2R3-S9-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.4.x-EVO antérieures à 23.4R2-S3-EVO
Juniper Networks	Junos OS	Junos OS versions 24.2.x antérieures à 24.2R1-S2 et 24.2R2
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.2.x-EVO antérieures à 23.2R2-S3-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 21.4.x-EVO antérieures à 21.4R3-S10-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 22.4.x-EVO antérieures à 22.4R3-S5-EVO
Juniper Networks	Junos OS	Junos OS versions 22.2.x antérieures à 22.2R3-S5
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 22.3.x-EVO antérieures à 22.3R3-S4-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 24.2.x-EVO antérieures à 24.2R1-S2-EVO et 24.2R2-EVO
Juniper Networks	Junos OS	Junos OS versions 22.3.x antérieures à 22.3R3-S4
Juniper Networks	Junos OS	Junos OS versions 23.4.x antérieures à 23.4R2-S3
Juniper Networks	Junos OS	Junos OS versions 21.4.x antérieures à 21.4R3-S10
Juniper Networks	Junos OS	Junos OS versions 23.2.x antérieures à 23.2R2-S3
Juniper Networks	Junos OS	Junos OS versions antérieures à 21.2R3-S9
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 22.2.x-EVO antérieures à 22.2R3-S5-EVO

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks CVE-2025-21593	2025-01-08	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-21602	2025-01-08	vendor-advisory
Bulletin de sécurité Juniper Networks 2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release	2025-01-08	vendor-advisory
Bulletin de sécurité Juniper Networks 2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSH	2025-01-08	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-21598	2025-01-08	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-21592	2025-01-08	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-21599	2025-01-08	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-21600	2025-01-08	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-21596	2025-01-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions 22.4.x ant\u00e9rieures \u00e0 22.4R3-S5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R2",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R3-S9-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.4.x-EVO ant\u00e9rieures \u00e0 23.4R2-S3-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.2.x ant\u00e9rieures \u00e0 24.2R1-S2 et 24.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2.x-EVO ant\u00e9rieures \u00e0 23.2R2-S3-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 21.4.x-EVO ant\u00e9rieures \u00e0 21.4R3-S10-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.4.x-EVO ant\u00e9rieures \u00e0 22.4R3-S5-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.2.x ant\u00e9rieures \u00e0 22.2R3-S5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.3.x-EVO ant\u00e9rieures \u00e0 22.3R3-S4-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.2.x-EVO ant\u00e9rieures \u00e0 24.2R1-S2-EVO et 24.2R2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 22.3.x ant\u00e9rieures \u00e0 22.3R3-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.4.x ant\u00e9rieures \u00e0 23.4R2-S3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R3-S10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.2.x ant\u00e9rieures \u00e0 23.2R2-S3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 22.2.x-EVO ant\u00e9rieures \u00e0 22.2R3-S5-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-35875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35875"
    },
    {
      "name": "CVE-2024-35797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35797"
    },
    {
      "name": "CVE-2024-26886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26886"
    },
    {
      "name": "CVE-2023-52801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52801"
    },
    {
      "name": "CVE-2024-28834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
    },
    {
      "name": "CVE-2024-26629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26629"
    },
    {
      "name": "CVE-2025-21592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21592"
    },
    {
      "name": "CVE-2022-24809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24809"
    },
    {
      "name": "CVE-2025-21599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21599"
    },
    {
      "name": "CVE-2024-35791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35791"
    },
    {
      "name": "CVE-2023-3019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3019"
    },
    {
      "name": "CVE-2022-24805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
    },
    {
      "name": "CVE-2023-50868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
    },
    {
      "name": "CVE-2024-45492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
    },
    {
      "name": "CVE-2024-36883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
    },
    {
      "name": "CVE-2023-3255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3255"
    },
    {
      "name": "CVE-2024-26946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26946"
    },
    {
      "name": "CVE-2024-26720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26720"
    },
    {
      "name": "CVE-2023-4408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4408"
    },
    {
      "name": "CVE-2024-45490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
    },
    {
      "name": "CVE-2024-45491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
    },
    {
      "name": "CVE-2022-24807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24807"
    },
    {
      "name": "CVE-2024-39894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39894"
    },
    {
      "name": "CVE-2023-6240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
    },
    {
      "name": "CVE-2023-6683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6683"
    },
    {
      "name": "CVE-2024-42131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
    },
    {
      "name": "CVE-2024-1488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1488"
    },
    {
      "name": "CVE-2022-24810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24810"
    },
    {
      "name": "CVE-2024-26630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26630"
    },
    {
      "name": "CVE-2023-5517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5517"
    },
    {
      "name": "CVE-2024-41073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
    },
    {
      "name": "CVE-2025-21600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21600"
    },
    {
      "name": "CVE-2024-42082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42082"
    },
    {
      "name": "CVE-2025-21596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21596"
    },
    {
      "name": "CVE-2024-32462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32462"
    },
    {
      "name": "CVE-2016-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
    },
    {
      "name": "CVE-2025-21602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21602"
    },
    {
      "name": "CVE-2024-25742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25742"
    },
    {
      "name": "CVE-2024-25743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25743"
    },
    {
      "name": "CVE-2024-42096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42096"
    },
    {
      "name": "CVE-2024-38619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38619"
    },
    {
      "name": "CVE-2025-21593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21593"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2024-36019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36019"
    },
    {
      "name": "CVE-2024-41040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41040"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2023-7008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
    },
    {
      "name": "CVE-2024-40927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40927"
    },
    {
      "name": "CVE-2024-41055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
    },
    {
      "name": "CVE-2023-50387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
    },
    {
      "name": "CVE-2024-42102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42102"
    },
    {
      "name": "CVE-2025-21598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21598"
    },
    {
      "name": "CVE-2024-40936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40936"
    },
    {
      "name": "CVE-2006-5051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5051"
    },
    {
      "name": "CVE-2024-41096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41096"
    },
    {
      "name": "CVE-2023-6516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6516"
    },
    {
      "name": "CVE-2024-28835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28835"
    },
    {
      "name": "CVE-2024-41044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
    },
    {
      "name": "CVE-2024-38559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38559"
    },
    {
      "name": "CVE-2024-6387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
    },
    {
      "name": "CVE-2022-24806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24806"
    },
    {
      "name": "CVE-2024-36979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36979"
    },
    {
      "name": "CVE-2023-52463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
    },
    {
      "name": "CVE-2024-36000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
    },
    {
      "name": "CVE-2023-5679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5679"
    },
    {
      "name": "CVE-2023-5088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5088"
    },
    {
      "name": "CVE-2023-42467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42467"
    },
    {
      "name": "CVE-2022-24808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
    }
  ],
  "initial_release_date": "2025-01-09T00:00:00",
  "last_revision_date": "2025-01-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0018",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21593",
      "url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-On-SRv6-enabled-devices-an-attacker-sending-a-malformed-BGP-update-can-cause-the-rpd-to-crash-CVE-2025-21593"
    },
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21602",
      "url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specially-crafted-BGP-update-packet-causes-RPD-crash-CVE-2025-21602"
    },
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release",
      "url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release"
    },
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSH",
      "url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSH"
    },
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21598",
      "url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-traceoptions-are-configured-receipt-of-malformed-BGP-packets-causes-RPD-to-crash-CVE-2025-21598"
    },
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21592",
      "url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-SRX-Series-Low-privileged-user-able-to-access-highly-sensitive-information-on-file-system-CVE-2025-21592"
    },
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21599",
      "url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specifically-malformed-IPv6-packets-causes-kernel-memory-exhaustion-leading-to-Denial-of-Service-CVE-2025-21599"
    },
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21600",
      "url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-certain-BGP-options-enabled-receipt-of-specifically-malformed-BGP-update-causes-RPD-crash-CVE-2025-21600"
    },
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-21596",
      "url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-SRX1500-SRX4100-SRX4200-Execution-of-low-privileged-CLI-command-results-in-chassisd-crash-CVE-2025-21596"
    }
  ]
}

GSD-2006-5051

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-5051

Aliases

CVE-2006-5051

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-5051",
    "description": "Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.",
    "id": "GSD-2006-5051",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-5051.html",
      "https://www.debian.org/security/2008/dsa-1638",
      "https://www.debian.org/security/2006/dsa-1212",
      "https://www.debian.org/security/2006/dsa-1189",
      "https://access.redhat.com/errata/RHSA-2006:0698",
      "https://access.redhat.com/errata/RHSA-2006:0697",
      "https://linux.oracle.com/cve/CVE-2006-5051.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-5051"
      ],
      "details": "Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.",
      "id": "GSD-2006-5051",
      "modified": "2023-12-13T01:19:55.789065Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2006-5051",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "FreeBSD-SA-06:22",
            "refsource": "FREEBSD",
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
          },
          {
            "name": "http://sourceforge.net/forum/forum.php?forum_id=681763",
            "refsource": "CONFIRM",
            "url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
          },
          {
            "name": "22270",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22270"
          },
          {
            "name": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf",
            "refsource": "CONFIRM",
            "url": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf"
          },
          {
            "name": "USN-355-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-355-1"
          },
          {
            "name": "[freebsd-security] 20061002 FreeBSD Security Advisory FreeBSD-SA-06:22.openssh",
            "refsource": "MLIST",
            "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html"
          },
          {
            "name": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11387",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387"
          },
          {
            "name": "http://openssh.org/txt/release-4.4",
            "refsource": "CONFIRM",
            "url": "http://openssh.org/txt/release-4.4"
          },
          {
            "name": "24805",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24805"
          },
          {
            "name": "VU#851340",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/851340"
          },
          {
            "name": "[2.9] 015: SECURITY FIX: October 12, 2006",
            "refsource": "OPENBSD",
            "url": "http://www.openbsd.org/errata.html#ssh"
          },
          {
            "name": "22487",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "name": "TA07-072A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
          },
          {
            "name": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf",
            "refsource": "CONFIRM",
            "url": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf"
          },
          {
            "name": "GLSA-200611-06",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
          },
          {
            "name": "SUSE-SA:2006:062",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
          },
          {
            "name": "22362",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22362"
          },
          {
            "name": "23680",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "name": "APPLE-SA-2007-03-13",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=305214",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=305214"
          },
          {
            "name": "22352",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22352"
          },
          {
            "name": "ADV-2006-4329",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "name": "22236",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22236"
          },
          {
            "name": "24799",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24799"
          },
          {
            "name": "ADV-2006-4018",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/4018"
          },
          {
            "name": "22495",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22495"
          },
          {
            "name": "openssh-signal-handler-race-condition(29254)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29254"
          },
          {
            "name": "20241",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/20241"
          },
          {
            "name": "ADV-2007-1332",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1332"
          },
          {
            "name": "29264",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/29264"
          },
          {
            "name": "22823",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22823"
          },
          {
            "name": "FreeBSD-SA-06:22.openssh",
            "refsource": "FREEBSD",
            "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"
          },
          {
            "name": "SSA:2006-272-02",
            "refsource": "SLACKWARE",
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
          },
          {
            "name": "RHSA-2006:0697",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
          },
          {
            "name": "OpenPKG-SA-2006.022",
            "refsource": "OPENPKG",
            "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
          },
          {
            "name": "22183",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22183"
          },
          {
            "name": "[openssh-unix-dev] 20060927 Announce: OpenSSH 4.4 released",
            "refsource": "MLIST",
            "url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
          },
          {
            "name": "ADV-2007-0930",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0930"
          },
          {
            "name": "[security-announce] 20070409 Globus Security Advisory 2007-02: GSI-OpenSSH vulnerability",
            "refsource": "MLIST",
            "url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
          },
          {
            "name": "22926",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22926"
          },
          {
            "name": "22173",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22173"
          },
          {
            "name": "1016940",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016940"
          },
          {
            "name": "22208",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22208"
          },
          {
            "name": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "name": "22245",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22245"
          },
          {
            "name": "20061001-01-P",
            "refsource": "SGI",
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
          },
          {
            "name": "22196",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22196"
          },
          {
            "name": "DSA-1212",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1212"
          },
          {
            "name": "RHSA-2006:0698",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
          },
          {
            "name": "22158",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22158"
          },
          {
            "name": "MDKSA-2006:179",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
          },
          {
            "name": "DSA-1189",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1189"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
          },
          {
            "name": "24479",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24479"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3E3FE4E6-870E-4F84-9D50-7BF48ADFB380",
                    "versionEndIncluding": "4.4",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6CE37418-3D19-483A-9ADE-2E38272A4ACC",
                    "versionEndExcluding": "10.3.9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "39D14EF2-E8E0-4021-A493-E822612FFB35",
                    "versionEndIncluding": "10.4.8",
                    "versionStartIncluding": "10.4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3E9A9D63-EEA1-4289-8382-6CC91D2241A1",
                    "versionEndExcluding": "10.3.9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D0D26E9A-DF4A-4795-BE74-2196127BB3E7",
                    "versionEndIncluding": "10.4.8",
                    "versionStartIncluding": "10.4",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free."
          },
          {
            "lang": "es",
            "value": "Condici\u00f3n de carrera en el manejador de se\u00f1al OpenSSH en versiones anteriores a 4.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario si la autenticaci\u00f3n GSSAPI est\u00e1 habilitada, a trav\u00e9s de vectores no especificados que conducen a una doble liberaci\u00f3n."
          }
        ],
        "evaluatorImpact": "Successful code execution exploitation requires that GSSAPI authentication is enabled.",
        "id": "CVE-2006-5051",
        "lastModified": "2024-02-02T15:36:44.023",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 10.0,
              "obtainAllPrivilege": true,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.2,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2006-09-27T23:07:00.000",
        "references": [
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=305214"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List"
            ],
            "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List"
            ],
            "url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Release Notes"
            ],
            "url": "http://openssh.org/txt/release-4.4"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/22158"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/22173"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/22183"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/22196"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/22208"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/22236"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/22245"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/22270"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/22352"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/22362"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://secunia.com/advisories/22495"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/22823"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/22926"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/24479"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/24799"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/24805"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://securitytracker.com/id?1016940"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Mailing List"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1189"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1212"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory",
              "US Government Resource"
            ],
            "url": "http://www.kb.cert.org/vuls/id/851340"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Release Notes"
            ],
            "url": "http://www.openbsd.org/errata.html#ssh"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.osvdb.org/29264"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/20241"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.ubuntu.com/usn/usn-355-1"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory",
              "US Government Resource"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4018"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0930"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1332"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29254"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Broken Link"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vendorComments": [
          {
            "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
            "lastModified": "2007-03-14T00:00:00",
            "organization": "Red Hat"
          }
        ],
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-415"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

FKIE_CVE-2006-5051

Vulnerability from fkie_nvd - Published: 2006-09-27 23:07 - Updated: 2025-04-09 00:30

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secalert@redhat.com	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc	Broken Link
secalert@redhat.com	ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc	Broken Link
secalert@redhat.com	http://docs.info.apple.com/article.html?artnum=305214	Broken Link
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html	Mailing List
secalert@redhat.com	http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html	Mailing List
secalert@redhat.com	http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2	Mailing List
secalert@redhat.com	http://openssh.org/txt/release-4.4	Release Notes
secalert@redhat.com	http://secunia.com/advisories/22158	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22173	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22183	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22196	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22208	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22236	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22245	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22270	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22352	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22362	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22487	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22495	Broken Link
secalert@redhat.com	http://secunia.com/advisories/22823	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22926	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/23680	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/24479	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/24799	Broken Link, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/24805	Broken Link, Vendor Advisory
secalert@redhat.com	http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc	Third Party Advisory
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200611-06.xml	Third Party Advisory
secalert@redhat.com	http://securitytracker.com/id?1016940	Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566	Broken Link
secalert@redhat.com	http://sourceforge.net/forum/forum.php?forum_id=681763	Broken Link
secalert@redhat.com	http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm	Third Party Advisory
secalert@redhat.com	http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html	Broken Link
secalert@redhat.com	http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf	Broken Link
secalert@redhat.com	http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf	Broken Link
secalert@redhat.com	http://www.debian.org/security/2006/dsa-1189	Mailing List
secalert@redhat.com	http://www.debian.org/security/2006/dsa-1212	Broken Link
secalert@redhat.com	http://www.kb.cert.org/vuls/id/851340	Third Party Advisory, US Government Resource
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDKSA-2006:179	Third Party Advisory
secalert@redhat.com	http://www.novell.com/linux/security/advisories/2006_62_openssh.html	Broken Link
secalert@redhat.com	http://www.openbsd.org/errata.html#ssh	Release Notes
secalert@redhat.com	http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html	Broken Link
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2024/07/01/3
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2024/07/28/3
secalert@redhat.com	http://www.osvdb.org/29264	Broken Link
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2006-0697.html	Broken Link
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2006-0698.html	Broken Link
secalert@redhat.com	http://www.securityfocus.com/bid/20241	Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com	http://www.ubuntu.com/usn/usn-355-1	Broken Link
secalert@redhat.com	http://www.us-cert.gov/cas/techalerts/TA07-072A.html	Third Party Advisory, US Government Resource
secalert@redhat.com	http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html	Broken Link
secalert@redhat.com	http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html	Broken Link
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/4018	Broken Link
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/4329	Broken Link
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/0930	Broken Link
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/1332	Broken Link
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/29254	Third Party Advisory, VDB Entry
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387	Broken Link
secalert@redhat.com	https://www.openwall.com/lists/oss-security/2024/07/28/3
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc	Broken Link
af854a3a-2127-422b-91ae-364da2661108	ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=305214	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://openssh.org/txt/release-4.4	Release Notes
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22158	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22173	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22183	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22196	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22208	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22236	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22245	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22270	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22352	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22362	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22487	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22495	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22823	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22926	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23680	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24479	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24799	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24805	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200611-06.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016940	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/forum/forum.php?forum_id=681763	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1189	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1212	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/851340	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2006:179	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_62_openssh.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.openbsd.org/errata.html#ssh	Release Notes
af854a3a-2127-422b-91ae-364da2661108	http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2024/07/01/3
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2024/07/28/3
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/29264	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0697.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0698.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20241	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-355-1	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-072A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4018	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4329	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0930	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1332	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/29254	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://www.openwall.com/lists/oss-security/2024/07/28/3

Impacted products

Vendor	Product	Version
openbsd	openssh	*
debian	debian_linux	3.1
apple	mac_os_x	*
apple	mac_os_x	*
apple	mac_os_x_server	*
apple	mac_os_x_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E3FE4E6-870E-4F84-9D50-7BF48ADFB380",
              "versionEndIncluding": "4.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE37418-3D19-483A-9ADE-2E38272A4ACC",
              "versionEndExcluding": "10.3.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39D14EF2-E8E0-4021-A493-E822612FFB35",
              "versionEndIncluding": "10.4.8",
              "versionStartIncluding": "10.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E9A9D63-EEA1-4289-8382-6CC91D2241A1",
              "versionEndExcluding": "10.3.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0D26E9A-DF4A-4795-BE74-2196127BB3E7",
              "versionEndIncluding": "10.4.8",
              "versionStartIncluding": "10.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free."
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en el manejador de se\u00f1al OpenSSH en versiones anteriores a 4.4 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario si la autenticaci\u00f3n GSSAPI est\u00e1 habilitada, a trav\u00e9s de vectores no especificados que conducen a una doble liberaci\u00f3n."
    }
  ],
  "evaluatorImpact": "Successful code execution exploitation requires that GSSAPI authentication is enabled.",
  "id": "CVE-2006-5051",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2006-09-27T23:07:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://docs.info.apple.com/article.html?artnum=305214"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes"
      ],
      "url": "http://openssh.org/txt/release-4.4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22158"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22173"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22183"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22196"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22208"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22236"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22245"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22270"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22352"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22362"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22487"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/22495"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22823"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22926"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23680"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24479"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24799"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24805"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1016940"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1189"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1212"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/851340"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes"
      ],
      "url": "http://www.openbsd.org/errata.html#ssh"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/29264"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/20241"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.ubuntu.com/usn/usn-355-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4018"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4329"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0930"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1332"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29254"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.openwall.com/lists/oss-security/2024/07/28/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://docs.info.apple.com/article.html?artnum=305214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "http://openssh.org/txt/release-4.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22487"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://secunia.com/advisories/22495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22926"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1016940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/851340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "http://www.openbsd.org/errata.html#ssh"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2024/07/01/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/29264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/20241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.ubuntu.com/usn/usn-355-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29254"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.openwall.com/lists/oss-security/2024/07/28/3"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
      "lastModified": "2007-03-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-415"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MQ5H-R3RG-J9HG

Vulnerability from github – Published: 2022-05-03 03:16 – Updated: 2022-05-03 03:16

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-5051"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-09-27T23:07:00Z",
    "severity": "HIGH"
  },
  "details": "Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.",
  "id": "GHSA-mq5h-r3rg-j9hg",
  "modified": "2022-05-03T03:16:36Z",
  "published": "2022-05-03T03:16:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5051"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29254"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=305214"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=openssh-unix-dev\u0026m=115939141729160\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://openssh.org/txt/release-4.4"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22158"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22173"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22183"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22196"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22208"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22236"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22245"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22270"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22352"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22362"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22487"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22495"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22823"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22926"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23680"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24479"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24799"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24805"
    },
    {
      "type": "WEB",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200611-06.xml"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016940"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.592566"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/forum/forum.php?forum_id=681763"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm"
    },
    {
      "type": "WEB",
      "url": "http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1189"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1212"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/851340"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:179"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_62_openssh.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openbsd.org/errata.html#ssh"
    },
    {
      "type": "WEB",
      "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/29264"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0697.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0698.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/20241"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-355-1"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4018"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4329"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0930"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1332"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-5051 (GCVE-0-2006-5051)

CERTFR-2024-AVI-0811

Solutions

CERTA-2007-AVI-124

Description

Solution

CERTA-2007-AVI-026

Description

Solution

CERTFR-2025-AVI-0018

Solutions

GSD-2006-5051

FKIE_CVE-2006-5051

GHSA-MQ5H-R3RG-J9HG

Tags

Sightings

Nomenclature