CVE-2006-5051 : Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and po

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

Published 2006-09-27 23:07:00

Updated 2024-02-02 15:36:44

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Threat overview for CVE-2006-5051

Top countries where our scanners detected CVE-2006-5051

Top open port discovered on systems with this issue 22

IPs affected by CVE-2006-5051 204,518

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2006-5051!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2006-5051

Probability of exploitation activity in the next 30 days: 72.45%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-5051

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	2.2	5.9	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2006-5051

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: nvd@nist.gov (Primary)
CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2006-5051

Red Hat 2007-03-14

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References for CVE-2006-5051

http://secunia.com/advisories/22270

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://openssh.org/txt/release-4.4

Release Notes

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/29254

OpenSSH signal handler race condition CVE-2006-5051 Vulnerability Report
Third Party Advisory;VDB Entry
http://secunia.com/advisories/22196

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://secunia.com/advisories/22245

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://www.debian.org/security/2006/dsa-1189

[SECURITY] [DSA 1189-1] New openssh-krb5 packages fix denial of service and potential execution of arbitrary code
Mailing List

CVEs referencing this url
http://secunia.com/advisories/22926

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://www.vupen.com/english/advisories/2007/1332

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Broken Link

CVEs referencing this url
http://secunia.com/advisories/22823

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://secunia.com/advisories/22208

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://secunia.com/advisories/22487

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://secunia.com/advisories/22362

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://docs.info.apple.com/article.html?artnum=305214

Broken Link

CVEs referencing this url
http://securitytracker.com/id?1016940

GoDaddy Domain Name Search
Broken Link;Third Party Advisory;VDB Entry
http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html

FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
Mailing List
http://www.mandriva.com/security/advisories?name=MDKSA-2006:179

Advisories - Mandriva Linux
Third Party Advisory

CVEs referencing this url
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html

Broken Link

CVEs referencing this url
http://secunia.com/advisories/22173

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://secunia.com/advisories/24479

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0698.html

Support
Broken Link

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA07-072A.html

Page Not Found | CISA
Third Party Advisory;US Government Resource

CVEs referencing this url
http://secunia.com/advisories/22183

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

VMware vSphere Documentation
Broken Link

CVEs referencing this url
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

Broken Link

CVEs referencing this url
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

VMware vSphere Documentation
Broken Link

CVEs referencing this url
http://www.ubuntu.com/usn/usn-355-1

USN-355-1: openssh vulnerabilities | Ubuntu security notices | Ubuntu
Broken Link

CVEs referencing this url
http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf

Broken Link
http://www.redhat.com/support/errata/RHSA-2006-0697.html

Support
Broken Link

CVEs referencing this url
http://secunia.com/advisories/22495

About Secunia Research | Flexera
Broken Link
http://secunia.com/advisories/24805

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc

Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/22352

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://secunia.com/advisories/22236

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://www.openbsd.org/errata.html#ssh

OpenBSD: Errata and Patches
Release Notes

CVEs referencing this url
http://www.osvdb.org/29264

404 Not Found
Broken Link
http://www.vupen.com/english/advisories/2006/4329

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Broken Link

CVEs referencing this url
http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm

ASA-2006-216 (RHSA-2006-0697)
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/22158

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html

Broken Link

CVEs referencing this url
http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2

'Announce: OpenSSH 4.4 released' - MARC
Mailing List

CVEs referencing this url
http://www.vupen.com/english/advisories/2007/0930

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Broken Link

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

Mailing List

CVEs referencing this url
http://www.securityfocus.com/bid/20241

Broken Link;Third Party Advisory;VDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566

The Slackware Linux Project: Slackware Security Advisories
Broken Link

CVEs referencing this url
http://www.novell.com/linux/security/advisories/2006_62_openssh.html

Security - Support | SUSE
Broken Link

CVEs referencing this url
http://sourceforge.net/forum/forum.php?forum_id=681763

Page not found - SourceForge.net
Broken Link

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387

404 Not Found
Broken Link
http://secunia.com/advisories/23680

About Secunia Research | Flexera
Broken Link;Vendor Advisory
http://www.vupen.com/english/advisories/2006/4018

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Broken Link
http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf

Broken Link
http://security.gentoo.org/glsa/glsa-200611-06.xml

OpenSSH: Multiple Denial of Service vulnerabilities (GLSA 200611-06) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://secunia.com/advisories/24799

About Secunia Research | Flexera
Broken Link;Vendor Advisory
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc

Broken Link

CVEs referencing this url
http://www.kb.cert.org/vuls/id/851340

VU#851340 - OpenSSH contains a race condition vulnerability
Third Party Advisory;US Government Resource
http://www.debian.org/security/2006/dsa-1212

Debian -- The Universal Operating System
Broken Link

CVEs referencing this url

Products affected by CVE-2006-5051

Debian » Debian Linux » Version: 3.1
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X
Versions from including (>=) 10.4 and up to, including, (<=) 10.4.8
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X
Versions before (<) 10.3.9
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server
Versions before (<) 10.3.9
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X Server
Versions from including (>=) 10.4 and up to, including, (<=) 10.4.8
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
Matching versions
Openbsd » Openssh
Versions up to, including, (<=) 4.4
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-5051