Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2011-5000
HistoryApr 05, 2012 - 2:55 p.m.

CVE-2011-5000

2012-04-0514:55:03
CWE-189
[email protected]
web.nvd.nist.gov
2549
cve-2011-5000
openssh
gssapi-with-mic authentication
memory consumption
denial of service
vulnerability

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

4.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.0%

JSON

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.

Affected configurations

NVD
Node
openbsdopensshRange5.8
OR
openbsdopensshMatch1.2
OR
openbsdopensshMatch1.2.1
OR
openbsdopensshMatch1.2.2
OR
openbsdopensshMatch1.2.3
OR
openbsdopensshMatch1.2.27
OR
openbsdopensshMatch1.3
OR
openbsdopensshMatch1.5
OR
openbsdopensshMatch1.5.7
OR
openbsdopensshMatch1.5.8
OR
openbsdopensshMatch3.0
OR
openbsdopensshMatch3.0.1
OR
openbsdopensshMatch3.0.1p1
OR
openbsdopensshMatch3.0.2
OR
openbsdopensshMatch3.0.2p1
OR
openbsdopensshMatch3.0p1
OR
openbsdopensshMatch3.1
OR
openbsdopensshMatch3.1p1
OR
openbsdopensshMatch3.2
OR
openbsdopensshMatch3.2.2
OR
openbsdopensshMatch3.2.2p1
OR
openbsdopensshMatch3.2.3p1
OR
openbsdopensshMatch3.3
OR
openbsdopensshMatch3.3p1
OR
openbsdopensshMatch3.4
OR
openbsdopensshMatch3.4p1
OR
openbsdopensshMatch3.5
OR
openbsdopensshMatch3.5p1
OR
openbsdopensshMatch3.6
OR
openbsdopensshMatch3.6.1
OR
openbsdopensshMatch3.6.1p1
OR
openbsdopensshMatch3.6.1p2
OR
openbsdopensshMatch3.7
OR
openbsdopensshMatch3.7.1
OR
openbsdopensshMatch3.7.1p1
OR
openbsdopensshMatch3.7.1p2
OR
openbsdopensshMatch3.8
OR
openbsdopensshMatch3.8.1
OR
openbsdopensshMatch3.8.1p1
OR
openbsdopensshMatch3.9
OR
openbsdopensshMatch3.9.1
OR
openbsdopensshMatch3.9.1p1
OR
openbsdopensshMatch4.0
OR
openbsdopensshMatch4.0p1
OR
openbsdopensshMatch4.1
OR
openbsdopensshMatch4.1p1
OR
openbsdopensshMatch4.2
OR
openbsdopensshMatch4.2p1
OR
openbsdopensshMatch4.3
OR
openbsdopensshMatch4.3p1
OR
openbsdopensshMatch4.3p2
OR
openbsdopensshMatch4.4
OR
openbsdopensshMatch4.4p1
OR
openbsdopensshMatch4.5
OR
openbsdopensshMatch4.6
OR
openbsdopensshMatch4.7
OR
openbsdopensshMatch4.8
OR
openbsdopensshMatch4.9
OR
openbsdopensshMatch5.0
OR
openbsdopensshMatch5.1
OR
openbsdopensshMatch5.2
OR
openbsdopensshMatch5.3
OR
openbsdopensshMatch5.4
OR
openbsdopensshMatch5.5
OR
openbsdopensshMatch5.6
OR
openbsdopensshMatch5.7

Related

ubuntucve 1
nessus 12
oraclelinux 1
cvelist 1
openvas 10
prion 1
f5 2
redhat 1
veracode 1
amazon 1
debiancve 1
nvd 1
centos 1
gentoo 1
rosalinux 1
ubuntucve
ubuntucve
CVE-2011-5000
2012-04-05 00:00:00
nessus
nessus
Oracle Linux 6 : openssh (ELSA-2012-0884)
2013-07-12 00:00:00
CentOS 6 : openssh (CESA-2012:0884)
2012-07-11 00:00:00
Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20120620)
2012-08-01 00:00:00
oraclelinux
oraclelinux
openssh security, bug fix, and enhancement update
2012-06-27 00:00:00
cvelist
cvelist
CVE-2011-5000
2012-04-04 10:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2012-99)
2015-09-08 00:00:00
CentOS Update for openssh CESA-2012:0884 centos6
2012-07-30 00:00:00
CentOS Update for openssh CESA-2012:0884 centos6
2012-07-30 00:00:00
prion
prion
Authentication flaw
2012-04-05 14:55:00
f5
f5
SOL14740 - OpenSSH vulnerability CVE-2011-5000
2013-10-10 00:00:00
K14740 : OpenSSH vulnerability CVE-2011-5000
2013-10-10 00:00:00
redhat
redhat
(RHSA-2012:0884) Low: openssh security, bug fix, and enhancement update
2012-06-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:52:41
amazon
amazon
Medium: openssh
2012-07-05 16:18:00
debiancve
debiancve
CVE-2011-5000
2012-04-05 14:55:03
nvd
nvd
CVE-2011-5000
2012-04-05 14:55:03
centos
centos
openssh, pam_ssh_agent_auth security update
2012-07-10 17:25:37
gentoo
gentoo
OpenSSH: Multiple vulnerabilities
2014-05-11 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1938
2021-07-02 17:38:20

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

4.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.0%

JSON
Related for CVE-2011-5000
ubuntucve1nessus12oraclelinux1cvelist1openvas10prion1f52redhat1veracode1amazon1debiancve1nvd1centos1gentoo1rosalinux1