PT-2006-7542 · Openssh+2 · Ssh+8

Mark Dowd · Published 1970-01-01 · Updated 2025-09-30 · CVE-2006-5051

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

openssh versions prior to 4.4 p1-r5
openssh-server-udeb (affected versions not specified)
openssh-server-3.1p1 (affected versions not specified)
openssh-clients-3.1p1 (affected versions not specified)
openssh-client-udeb (affected versions not specified)
openssh-3.1p1 (affected versions not specified)
openssh-askpass-3.1p1 (affected versions not specified)
openssh-askpass-gnome-3.1p1 (affected versions not specified)
openssh-askpass (affected versions not specified)
ssh (affected versions not specified)
ssh-krb5 (affected versions not specified)
openssh-server (affected versions not specified)
openssh-client (affected versions not specified)
openssh-askpass-gnome (affected versions not specified)

Description

The issue concerns multiple vulnerabilities in the openssh package, which can lead to a disruption of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The signal handler race condition in OpenSSH before version 4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code if GSSAPI authentication is enabled.

Recommendations

For openssh versions prior to 4.4 p1-r5, update to version 4.4 p1-r5 or later.

For openssh-server-udeb, openssh-server-3.1p1, openssh-clients-3.1p1, openssh-client-udeb, openssh-3.1p1, openssh-askpass-3.1p1, openssh-askpass-gnome-3.1p1, openssh-askpass, ssh, ssh-krb5, openssh-server, openssh-client, and openssh-askpass-gnome, there is currently no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Double Free

Race Condition

Weakness Enumeration

Related Identifiers

ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2015-01339
BDU:2015-01340
BDU:2015-01958
BDU:2015-01959
BDU:2015-01960
BDU:2015-01961
BDU:2015-01962
BDU:2015-04932
BDU:2015-06465
BDU:2015-06467
BDU:2015-06469
BDU:2015-06471
BDU:2015-06473
BDU:2015-09537
BDU:2024-06777
CVE-2006-5051
DSA-1189-1
DSA-1212
DSA-1638-1
RHSA-2006:0697
RHSA-2006:0698
RHSA-2006_0697

Affected Products

Alt Linux
Openssh
Red Hat
Openssh-Askpass
Openssh-Askpass-Gnome
Openssh-Clients
Openssh-Server
Ssh
Ssh-Krb5