Vulnerability Details : CVE-2006-5051
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Threat overview for CVE-2006-5051
Top open port discovered on systems with this issue: 22
IPs affected by CVE-2006-5051: 204,518
Threat actors abusing this issue? Yes
Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2006-5051
Probability of exploitation activity in the next 30 days: 72.45%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 %
CVSS scores for CVE-2006-5051
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | NIST |
CWE ids for CVE-2006-5051
- The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. Assigned by: nvd@nist.gov (Primary)
- The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2006-5051
- Red Hat, 2007-03-14: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
References for CVE-2006-5051
- http://secunia.com/advisories/22270
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://openssh.org/txt/release-4.4
  [Release Notes]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29254
  OpenSSH signal handler race condition CVE-2006-5051 Vulnerability Report [Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/22196
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://secunia.com/advisories/22245
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://www.debian.org/security/2006/dsa-1189
  [SECURITY] [DSA 1189-1] New openssh-krb5 packages fix denial of service and potential execution of arbitrary code [Mailing List]
- http://secunia.com/advisories/22926
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://www.vupen.com/english/advisories/2007/1332
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud [Broken Link]
- http://secunia.com/advisories/22823
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://secunia.com/advisories/22208
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://secunia.com/advisories/22487
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://secunia.com/advisories/22362
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://docs.info.apple.com/article.html?artnum=305214
  [Broken Link]
- http://securitytracker.com/id?1016940
  GoDaddy Domain Name Search [Broken Link; Third Party Advisory; VDB Entry]
- http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html
  FreeBSD Security Advisory FreeBSD-SA-06:22.openssh [Mailing List]
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:179
  Advisories - Mandriva Linux [Third Party Advisory]
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html
  [Broken Link]
- http://secunia.com/advisories/22173
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://secunia.com/advisories/24479
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://www.redhat.com/support/errata/RHSA-2006-0698.html
  Support [Broken Link]
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html
  Page Not Found | CISA [Third Party Advisory; US Government Resource]
- http://secunia.com/advisories/22183
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
  VMware vSphere Documentation [Broken Link]
- ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
  [Broken Link]
- http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
  VMware vSphere Documentation [Broken Link]
- http://www.ubuntu.com/usn/usn-355-1
  USN-355-1: openssh vulnerabilities | Ubuntu security notices | Ubuntu [Broken Link]
- http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf
  [Broken Link]
- http://www.redhat.com/support/errata/RHSA-2006-0697.html
  Support [Broken Link]
- http://secunia.com/advisories/22495
  About Secunia Research | Flexera [Broken Link]
- http://secunia.com/advisories/24805
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc
  [Third Party Advisory]
- http://secunia.com/advisories/22352
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://secunia.com/advisories/22236
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://www.openbsd.org/errata.html#ssh
  OpenBSD: Errata and Patches [Release Notes]
- http://www.osvdb.org/29264
  404 Not Found [Broken Link]
- http://www.vupen.com/english/advisories/2006/4329
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud [Broken Link]
- http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm
  ASA-2006-216 (RHSA-2006-0697) [Third Party Advisory]
- http://secunia.com/advisories/22158
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html
  [Broken Link]
- http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
  'Announce: OpenSSH 4.4 released' - MARC [Mailing List]
- http://www.vupen.com/english/advisories/2007/0930
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud [Broken Link]
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
  [Mailing List]
- http://www.securityfocus.com/bid/20241
  [Broken Link; Third Party Advisory; VDB Entry]
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566
  The Slackware Linux Project: Slackware Security Advisories [Broken Link]
- http://www.novell.com/linux/security/advisories/2006_62_openssh.html
  Security - Support | SUSE [Broken Link]
- http://sourceforge.net/forum/forum.php?forum_id=681763
  Page not found - SourceForge.net [Broken Link]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387
  404 Not Found [Broken Link]
- http://secunia.com/advisories/23680
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- http://www.vupen.com/english/advisories/2006/4018
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud [Broken Link]
- http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf
  [Broken Link]
- http://security.gentoo.org/glsa/glsa-200611-06.xml
  OpenSSH: Multiple Denial of Service vulnerabilities (GLSA 200611-06) — Gentoo security [Third Party Advisory]
- http://secunia.com/advisories/24799
  About Secunia Research | Flexera [Broken Link; Vendor Advisory]
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc
  [Broken Link]
- http://www.kb.cert.org/vuls/id/851340
  VU#851340 - OpenSSH contains a race condition vulnerability [Third Party Advisory; US Government Resource]
- http://www.debian.org/security/2006/dsa-1212
  Debian -- The Universal Operating System [Broken Link]
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*