9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.946 High
EPSS
Percentile
99.3%
CentOS Errata and Security Advisory CESA-2006:0697
OpenSSH is OpenBSD’s SSH (Secure SHell) protocol implementation. This
package includes the core files necessary for both the OpenSSH client and
server.
Mark Dowd discovered a signal handler race condition in the OpenSSH sshd
server. A remote attacker could possibly leverage this flaw to cause a
denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the
likelihood of successful exploitation leading to arbitrary code execution
appears remote. However, the Red Hat Security Response Team have not yet
been able to verify this claim due to lack of upstream vulnerability
information. We are therefore including a fix for this flaw and have rated
it important security severity in the event our continued investigation
finds this issue to be exploitable.
Tavis Ormandy of the Google Security Team discovered a denial of service
bug in the OpenSSH sshd server. A remote attacker can send a specially
crafted SSH-1 request to the server causing sshd to consume a large
quantity of CPU resources. (CVE-2006-4924)
All users of openssh should upgrade to these updated packages, which
contain backported patches that resolves these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-September/075456.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075457.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075458.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075462.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075463.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075464.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075466.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075467.html
https://lists.centos.org/pipermail/centos-announce/2006-September/075470.html
Affected packages:
openssh
openssh-askpass
openssh-askpass-gnome
openssh-clients
openssh-server
openssl
openssl-devel
openssl-perl
openssl096b
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0697
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | openssl | < 0.9.7a-43.14 | openssl-0.9.7a-43.14.ia64.rpm |
CentOS | 4 | ia64 | openssl-devel | < 0.9.7a-43.14 | openssl-devel-0.9.7a-43.14.ia64.rpm |
CentOS | 4 | ia64 | openssl-perl | < 0.9.7a-43.14 | openssl-perl-0.9.7a-43.14.ia64.rpm |
CentOS | 4 | ia64 | openssl096b | < 0.9.6b-22.46 | openssl096b-0.9.6b-22.46.ia64.rpm |
CentOS | 4 | ia64 | openssh | < 3.9p1-8.RHEL4.17 | openssh-3.9p1-8.RHEL4.17.ia64.rpm |
CentOS | 4 | ia64 | openssh-askpass | < 3.9p1-8.RHEL4.17 | openssh-askpass-3.9p1-8.RHEL4.17.ia64.rpm |
CentOS | 4 | ia64 | openssh-askpass-gnome | < 3.9p1-8.RHEL4.17 | openssh-askpass-gnome-3.9p1-8.RHEL4.17.ia64.rpm |
CentOS | 4 | ia64 | openssh-clients | < 3.9p1-8.RHEL4.17 | openssh-clients-3.9p1-8.RHEL4.17.ia64.rpm |
CentOS | 4 | ia64 | openssh-server | < 3.9p1-8.RHEL4.17 | openssh-server-3.9p1-8.RHEL4.17.ia64.rpm |
CentOS | 3 | ia64 | openssh | < 3.6.1p2-33.30.12 | openssh-3.6.1p2-33.30.12.ia64.rpm |
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.946 High
EPSS
Percentile
99.3%