CVE-2006-5794
HIGH severity · CVSS 7.5
Summary
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: —
User interaction: —
Confidentiality impact: —
Integrity impact: —
Availability impact: —
Exploit probability (EPSS): 3%
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://secunia.com/advisories/22771
Additional information
- NVD record
- http://secunia.com/advisories/22771 (Patch)
- http://secunia.com/advisories/22773 (Patch)
- ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc
- http://rhn.redhat.com/errata/RHSA-2006-0738.html
- http://secunia.com/advisories/22772
- http://secunia.com/advisories/22778
- http://secunia.com/advisories/22814
- http://secunia.com/advisories/22872