CVE-2006-5794 – OpenSSH privilege separation flaw
https://notcve.org/view.php?id=CVE-2006-5794
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. Vulnerabilidad sin especificar en el sshd Privilege Separation Monitor en OpenSSH para versiones anteriores a la 4.5 que provoca una verificación más leve que la autenticación, y que podría permitir a atacantes remotos evitar la autenticación. NOTA: en el 20061108, se cree que es sólo explotada por el impulso de vulnerabilidades en un proceso sin privilegios, hasta ahora desconocidos. • ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc http://rhn.redhat.com/errata/RHSA-2006-0738.html http://secunia.com/advisories/22771 http://secunia.com/advisories/22772 http://secunia.com/advisories/22773 http://secunia.com/advisories/22778 http://secunia.com/advisories/22814 http://secunia.com/advisories/22872 http://secunia.com/advisories/22932 http://secunia.com/advisories/23513 http://secunia.com/advisories/23680 http://secunia.com/advisories •
CVE-2006-5229 – Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack
https://notcve.org/view.php?id=CVE-2006-5229
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds. OpenSSH portable 4.1 en SUSE Linux, y posiblemente en otras plataformas y versiones, y posiblemente bajo configuraciones limitadas, permite a atacantes remotos determinar nombres de usuario válidos mediante discrepancias de tiempo en las cuales las respuestas tardan más para nombres de usuario válidos que para los inválidos, como ha sido demostrado por sshtime. NOTA: a fecha de 14/10/2006, parece que este problema depende del uso de contraseñas configuradas manualmente que provoca retrasos procesando /etc/shadow debido a un incremento en el número de rondas. • https://www.exploit-db.com/exploits/3303 http://secunia.com/advisories/25979 http://www.osvdb.org/32721 http://www.securityfocus.com/archive/1/448025/100/0/threaded http://www.securityfocus.com/archive/1/448108/100/0/threaded http://www.securityfocus.com/archive/1/448156/100/0/threaded http://www.securityfocus.com/archive/1/448702/100/0/threaded http://www.securityfocus.com/bid/20418 http://www.sybsecurity.com/hack-proventia-1.pdf http://www.vupen.com/english • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2006-5051 – unsafe GSSAPI signal handler
https://notcve.org/view.php?id=CVE-2006-5051
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. Condición de carrera en el manejador de señal OpenSSH en versiones anteriores a 4.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario si la autenticación GSSAPI está habilitada, a través de vectores no especificados que conducen a una doble liberación. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 http://openssh.org/txt/release-4.4 http://secunia.com/advisories& • CWE-415: Double Free •
CVE-2006-5052 – Kerberos information leak
https://notcve.org/view.php?id=CVE-2006-5052
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." Vulnerabilidad no especificada en OpenSSH portable anterior a 4.4, cuando funciona sobre algunas plataformas permite a un atacante remoto determinan la validación de los nombres de usuario a través de vectores desconocidos afectando a GSSAPI "aborto de validacion." • http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 http://openssh.org/txt/release-4.4 http://rhn.redhat.com/errata/RHSA-2006-0697.html http://secunia.com/advisories/22158 http://secunia.com/advisories/22173 http://secunia.com/advisories/22495 http://secunia.com/advisories/22823 http://secunia.com/advisories/24479 http://secunia.com& •
CVE-2006-4924 – OpenSSH 4.3 p1 - Duplicated Block Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-4924
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. sshd en OpenSSH en versiones anteriores a 4.4, cuando se utiliza la versión 1 del protocolo SSH, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de un paquete SSH que contiene bloques duplicados, los cuales no se manejan correctamente por el detector de ataque de compensación CRC. • https://www.exploit-db.com/exploits/2444 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc ftp://ftp.sco.com/pub/unixware7/714/security/p534336/p534336.txt ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://blogs.sun.com/security/entry/sun_alert_102962_security_vulnerability http://bugs.gentoo.org/show_bug.cgi?id=148228 http://docs.info.apple.com/article.html?artnum=305214 http://itrc.hp.com/service/cki/docDisplay • CWE-399: Resource Management Errors •