CVE-2011-5000

Name of the Vulnerable Software and Affected Versions OpenSSH versions 5.8 and earlier

Description The issue allows remote authenticated users to cause a denial of service, specifically memory consumption, when gssapi-with-mic authentication is enabled. This is due to the ssh gssapi parse ename function in gss-serv.c not properly handling large values in a certain length field. There may be limited scenarios in which this issue is relevant. Additionally, exploitation of vulnerabilities in OpenSSH may lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For OpenSSH versions 5.8 and earlier, consider updating to a version later than 5.8 to resolve the issue. As a temporary workaround, consider disabling gssapi-with-mic authentication until a patch is available. Restrict access to the ssh gssapi parse ename function to minimize the risk of exploitation. Avoid using large values in certain length fields in the affected API endpoint until the issue is resolved.