openssh is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field.
CPE | Name | Operator | Version |
---|---|---|---|
openssh | eq | 5.3p1__20.el6 | |
openssh | eq | 5.3p1__70.el6_2.2 | |
openssh | eq | 5.3p1__52.el6 | |
openssh | eq | 5.3p1__52.el6_1.2 | |
openssh | eq | 5.3p1__70.el6 | |
openssh | eq | 5.3p1__20.el6_0.3 |
rhn.redhat.com/errata/RHSA-2012-0884.html
seclists.org/fulldisclosure/2011/Aug/2
site.pi3.com.pl/adv/ssh_1.txt
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=657378
bugzilla.redhat.com/show_bug.cgi?id=732955
bugzilla.redhat.com/show_bug.cgi?id=797384
rhn.redhat.com/errata/RHSA-2012-0884.html