PT-2005-3678 · Openssh+2 · Openssh+2

Published

2005-09-06

·

Updated

2024-07-08

·

CVE-2005-2798

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 4.2
Description The issue allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods when GSSAPIDelegateCredentials is enabled. This could cause those credentials to be exposed to untrusted users or hosts.
Recommendations For OpenSSH versions prior to 4.2, consider disabling the GSSAPIDelegateCredentials option to prevent credentials from being delegated to untrusted clients.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
CVE-2005-2798
RHSA-2005:527
RHSA-2005_527

Affected Products

Alt Linux
Openssh
Red Hat