Vulnerability Description
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenBSD | OpenSSH | <= 4.4 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
- http://rhn.redhat.com/errata/RHSA-2006-0738.html
- http://secunia.com/advisories/22771 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22772
- http://secunia.com/advisories/22773 (Patch, Vendor Advisory)
- http://secunia.com/advisories/22778
- http://secunia.com/advisories/22814
- http://secunia.com/advisories/22872
- http://secunia.com/advisories/22932
- http://secunia.com/advisories/23513
- http://secunia.com/advisories/23680
- http://secunia.com/advisories/24055
- http://securitytracker.com/id?1017183
- http://sourceforge.net/project/shownotes.php?release_id=461854&group_id=69227
- http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227
FAQ
What is CVE-2006-5794?
CVE-2006-5794 is a vulnerability with a CVSS score of 7.5 (HIGH). Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authe...
How severe is CVE-2006-5794?
CVE-2006-5794 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-5794?
Check the references section above for vendor advisories and patch information. Affected products include: OpenBSD OpenSSH.