Vulnerability Description
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbsd | Openssh | 1.2 |
References
- http://docs.info.apple.com/article.html?artnum=305214
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
- http://openssh.org/txt/release-4.4
- http://rhn.redhat.com/errata/RHSA-2006-0697.htmlPatch
- http://secunia.com/advisories/22158PatchVendor Advisory
- http://secunia.com/advisories/22173PatchVendor Advisory
- http://secunia.com/advisories/22495
- http://secunia.com/advisories/22823
- http://secunia.com/advisories/24479
- http://secunia.com/advisories/27588
- http://secunia.com/advisories/28320
- http://security.gentoo.org/glsa/glsa-200611-06.xml
- http://securitytracker.com/id?1016939Patch
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackwarePatch
FAQ
What is CVE-2006-5052?
CVE-2006-5052 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authent...
How severe is CVE-2006-5052?
CVE-2006-5052 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5052?
Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh.