CVE-2006-5794

Severity

75%

Complexity

99%

Confidentiality

106%

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 18 years ago

2006-11-08 20:07:00

Last updated 6 years ago

2018-10-17 21:45:00

Affected Software

OpenBSD OpenSSH

References

20061201-01-P

RHSA-2006:0738

22771

Patch, Vendor Advisory

22772

22773

Patch, Vendor Advisory

22778

22814

22872

22932

23513

23680

24055

1017183

http://sourceforge.net/project/shownotes.php?release_id=461854&group_id=69227

http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227

http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm

MDKSA-2006:204

SUSE-SR:2006:026

OpenPKG-SA-2006.032

http://www.openssh.org/txt/release-4.5

20061109 rPSA-2006-0207-1 openssh openssh-client openssh-server

20956

Patch

http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

ADV-2006-4399

ADV-2006-4400

openssh-separation-verificaton-weakness(30120)

https://issues.rpath.com/browse/RPL-766

oval:org.mitre.oval:def:11840

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.