CVE-2006-5229
Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.
OpenSSH portable 4.1 en SUSE Linux, y posiblemente en otras plataformas y versiones, y posiblemente bajo configuraciones limitadas, permite a atacantes remotos determinar nombres de usuario válidos mediante discrepancias de tiempo en las cuales las respuestas tardan más para nombres de usuario válidos que para los inválidos, como ha sido demostrado por sshtime. NOTA: a fecha de 14/10/2006, parece que este problema depende del uso de contraseñas configuradas manualmente que provoca retrasos procesando /etc/shadow debido a un incremento en el número de rondas.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-10-10 CVE Reserved
- 2006-10-10 CVE Published
- 2007-02-13 First Exploit
- 2023-12-06 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.osvdb.org/32721 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/448025/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/448108/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/448156/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/448702/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/20418 | Vdb Entry | |
| http://www.sybsecurity.com/hack-proventia-1.pdf | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/3303 | 2007-02-13 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/25979 | 2018-10-17 | |
| http://www.vupen.com/english/advisories/2007/2545 | 2018-10-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | 4.1 Search vendor "Openbsd" for product "Openssh" and version "4.1" | - |
Affected
| in | Novell Search vendor "Novell" | Suse Linux Search vendor "Novell" for product "Suse Linux" | * | - |
Safe
|