PT-2006-1044 · OpenSSH+2

Published: 2006-11-08 · Updated: 2024-07-08 · CVE-2006-5794

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: OpenSSH versions 3.6.1p2 and earlier
Description: The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely. According to the available data, there is an unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before version 4.5, which causes weaker verification that authentication has been successful. This might allow attackers to bypass authentication.
Recommendations: For OpenSSH versions 3.6.1p2 and earlier, update to version 4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the sshd Privilege Separation Monitor until a patch is available.


Related Identifiers

ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2015-07467
BDU:2015-07469
BDU:2015-07471
BDU:2015-07472
BDU:2015-07474
CVE-2006-5794
RHSA-2006:0738
RHSA-2006_0738

Affected Products

Alt Linux
OpenSSH
Red Hat