// For flags

CVE-2006-5794

OpenSSH privilege separation flaw

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.

Vulnerabilidad sin especificar en el sshd Privilege Separation Monitor en OpenSSH para versiones anteriores a la 4.5 que provoca una verificación más leve que la autenticación, y que podría permitir a atacantes remotos evitar la autenticación. NOTA: en el 20061108, se cree que es sólo explotada por el impulso de vulnerabilidades en un proceso sin privilegios, hasta ahora desconocidos.

A vulnerability in the privilege separation functionality in OpenSSH was discovered, caused by an incorrect checking for bad signatures in sshd's privsep monitor. As a result, the monitor and the unprivileged process can get out sync. The OpenSSH team indicated that this bug is not known to be exploitable in the absence of additional vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-11-08 CVE Reserved
  • 2006-11-08 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-07-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (31)
URL Tag Source
http://secunia.com/advisories/22772 Third Party Advisory
http://secunia.com/advisories/22778 Third Party Advisory
http://secunia.com/advisories/22814 Third Party Advisory
http://secunia.com/advisories/22872 Third Party Advisory
http://secunia.com/advisories/22932 Third Party Advisory
http://secunia.com/advisories/23513 Third Party Advisory
http://secunia.com/advisories/23680 Third Party Advisory
http://secunia.com/advisories/24055 Third Party Advisory
http://securitytracker.com/id?1017183 Vdb Entry
http://sourceforge.net/project/shownotes.php?release_id=461854&group_id=69227 X_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227 X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm X_refsource_confirm
http://www.openssh.org/txt/release-4.5 X_refsource_confirm
http://www.securityfocus.com/archive/1/451100/100/0/threaded Mailing List
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html X_refsource_confirm
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html X_refsource_confirm
http://www.vupen.com/english/advisories/2006/4399 Vdb Entry
http://www.vupen.com/english/advisories/2006/4400 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/30120 Vdb Entry
https://issues.rpath.com/browse/RPL-766 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11840 Signature
URL Date SRC
URL Date SRC
http://secunia.com/advisories/22771 2018-10-17
http://secunia.com/advisories/22773 2018-10-17
http://www.securityfocus.com/bid/20956 2018-10-17
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc 2018-10-17
http://rhn.redhat.com/errata/RHSA-2006-0738.html 2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:204 2018-10-17
http://www.novell.com/linux/security/advisories/2006_26_sr.html 2018-10-17
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.032-openssh.html 2018-10-17
https://access.redhat.com/security/cve/CVE-2006-5794 2006-11-15
https://bugzilla.redhat.com/show_bug.cgi?id=214641 2006-11-15
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openbsd
Search vendor "Openbsd"
 Openssh
Search vendor "Openbsd" for product "Openssh"
 <= 4.4
Search vendor "Openbsd" for product "Openssh" and version " <= 4.4"
-
Affected