Lucene search
Veracode Vulnerability DatabaseVERACODE:10824HistoryJan 15, 2019 - 8:52 a.m.
Denial Of Service (DoS)
2019-01-1508:52:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.004 Low
EPSS
Percentile
72.0%
openssh is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field.
| CPE | Name | Operator | Version |
|---|---|---|---|
| openssh | eq | 5.3p1__20.el6 | |
| openssh | eq | 5.3p1__70.el6_2.2 | |
| openssh | eq | 5.3p1__52.el6 | |
| openssh | eq | 5.3p1__52.el6_1.2 | |
| openssh | eq | 5.3p1__70.el6 | |
| openssh | eq | 5.3p1__20.el6_0.3 |
References
rhn.redhat.com/errata/RHSA-2012-0884.html
seclists.org/fulldisclosure/2011/Aug/2
site.pi3.com.pl/adv/ssh_1.txt
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=657378
bugzilla.redhat.com/show_bug.cgi?id=732955
bugzilla.redhat.com/show_bug.cgi?id=797384
rhn.redhat.com/errata/RHSA-2012-0884.html
Related
ubuntucve
ubuntucve
CVE-2011-5000
2012-04-05 00:00:00
oraclelinux
oraclelinux
openssh security, bug fix, and enhancement update
2012-06-27 00:00:00
cvelist
cvelist
CVE-2011-5000
2012-04-04 10:00:00
nessus
nessus
CentOS 6 : openssh (CESA-2012:0884)
2012-07-11 00:00:00
Oracle Linux 6 : openssh (ELSA-2012-0884)
2013-07-12 00:00:00
Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20120620)
2012-08-01 00:00:00
cve
cve
CVE-2011-5000
2012-04-05 14:55:03
f5
f5
SOL14740 - OpenSSH vulnerability CVE-2011-5000
2013-10-10 00:00:00
K14740 : OpenSSH vulnerability CVE-2011-5000
2013-10-10 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2012-99)
2015-09-08 00:00:00
CentOS Update for openssh CESA-2012:0884 centos6
2012-07-30 00:00:00
CentOS Update for openssh CESA-2012:0884 centos6
2012-07-30 00:00:00
prion
prion
Authentication flaw
2012-04-05 14:55:00
redhat
redhat
(RHSA-2012:0884) Low: openssh security, bug fix, and enhancement update
2012-06-20 00:00:00
amazon
amazon
Medium: openssh
2012-07-05 16:18:00
debiancve
debiancve
CVE-2011-5000
2012-04-05 14:55:03
nvd
nvd
CVE-2011-5000
2012-04-05 14:55:03
centos
centos
openssh, pam_ssh_agent_auth security update
2012-07-10 17:25:37
gentoo
gentoo
OpenSSH: Multiple vulnerabilities
2014-05-11 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1938
2021-07-02 17:38:20