8.1
HIGH
CVE-2006-5051
OpenSSH GSSAPI Authentication Double-Free Denial of Service RCE
Description

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

INFO

Published Date: Sept. 27, 2006, 11:07 p.m.

Last Modified: Nov. 21, 2024, 12:17 a.m.

Remotely Exploitable: Yes

Impact Score: 5.9

Exploitability Score: 2.2

Public PoC/Exploit Available at Github

CVE-2006-5051 has 18 public PoCs/exploits available on GitHub. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2006-5051 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 Apple mac_os_x
2 Apple mac_os_x_server
1 Debian debian_linux
1 Openbsd openssh
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2006-5051.

URL Resource
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc Broken Link
ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc Broken Link
http://docs.info.apple.com/article.html?artnum=305214 Broken Link
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html Mailing List
http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html Mailing List
http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 Mailing List
http://openssh.org/txt/release-4.4 Release Notes
http://secunia.com/advisories/22158 Broken Link Vendor Advisory
http://secunia.com/advisories/22173 Broken Link Vendor Advisory
http://secunia.com/advisories/22183 Broken Link Vendor Advisory
http://secunia.com/advisories/22196 Broken Link Vendor Advisory
http://secunia.com/advisories/22208 Broken Link Vendor Advisory
http://secunia.com/advisories/22236 Broken Link Vendor Advisory
http://secunia.com/advisories/22245 Broken Link Vendor Advisory
http://secunia.com/advisories/22270 Broken Link Vendor Advisory
http://secunia.com/advisories/22352 Broken Link Vendor Advisory
http://secunia.com/advisories/22362 Broken Link Vendor Advisory
http://secunia.com/advisories/22487 Broken Link Vendor Advisory
http://secunia.com/advisories/22495 Broken Link
http://secunia.com/advisories/22823 Broken Link Vendor Advisory
http://secunia.com/advisories/22926 Broken Link Vendor Advisory
http://secunia.com/advisories/23680 Broken Link Vendor Advisory
http://secunia.com/advisories/24479 Broken Link Vendor Advisory
http://secunia.com/advisories/24799 Broken Link Vendor Advisory
http://secunia.com/advisories/24805 Broken Link Vendor Advisory
http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc Third Party Advisory
http://security.gentoo.org/glsa/glsa-200611-06.xml Third Party Advisory
http://securitytracker.com/id?1016940 Broken Link Third Party Advisory VDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566 Broken Link
http://sourceforge.net/forum/forum.php?forum_id=681763 Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm Third Party Advisory
http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html Broken Link
http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf Broken Link
http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf Broken Link
http://www.debian.org/security/2006/dsa-1189 Mailing List
http://www.debian.org/security/2006/dsa-1212 Broken Link
http://www.kb.cert.org/vuls/id/851340 Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:179 Third Party Advisory
http://www.novell.com/linux/security/advisories/2006_62_openssh.html Broken Link
http://www.openbsd.org/errata.html#ssh Release Notes
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html Broken Link
http://www.openwall.com/lists/oss-security/2024/07/01/3
http://www.openwall.com/lists/oss-security/2024/07/28/3
http://www.osvdb.org/29264 Broken Link
http://www.redhat.com/support/errata/RHSA-2006-0697.html Broken Link
http://www.redhat.com/support/errata/RHSA-2006-0698.html Broken Link
http://www.securityfocus.com/bid/20241 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-355-1 Broken Link
http://www.us-cert.gov/cas/techalerts/TA07-072A.html Third Party Advisory US Government Resource
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Broken Link
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Broken Link
http://www.vupen.com/english/advisories/2006/4018 Broken Link
http://www.vupen.com/english/advisories/2006/4329 Broken Link
http://www.vupen.com/english/advisories/2007/0930 Broken Link
http://www.vupen.com/english/advisories/2007/1332 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/29254 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387 Broken Link
https://www.openwall.com/lists/oss-security/2024/07/28/3

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).

OpenSSH Vulnerabilities list

cve openssh vulnerabilities

Updated: 2 weeks, 4 days ago
0 stars 0 fork 0 watcher
Born at : Dec. 4, 2024, 1:10 p.m. This repo has been linked 22 different CVEs too.

None

Python

Updated: 2 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Oct. 3, 2024, 3:15 p.m. This repo has been linked 22 different CVEs too.

bulk scanning tool for 21 different CVE's for OpenSSH

Python

Updated: 3 months, 3 weeks ago
1 stars 0 fork 0 watcher
Born at : Aug. 25, 2024, 6:28 a.m. This repo has been linked 22 different CVEs too.

OpenSSH Vulnerabilities Scanner: Bulk Scanning Tool for 21 different OpenSSH CVEs.

Python

Updated: 1 month, 2 weeks ago
5 stars 6 fork 6 watcher
Born at : Aug. 24, 2024, 10:56 p.m. This repo has been linked 22 different CVEs too.

A Bash script to mitigate the CVE-2024-6387 vulnerability in OpenSSH by providing an option to upgrade to a secure version or apply a temporary workaround. This repository helps secure systems against potential remote code execution risks associated with affected OpenSSH versions.

Shell

Updated: 4 months ago
0 stars 0 fork 0 watcher
Born at : Aug. 20, 2024, 9:57 a.m. This repo has been linked 3 different CVEs too.

None

Python

Updated: 4 months ago
0 stars 1 fork 1 watcher
Born at : Aug. 19, 2024, 4:45 p.m. This repo has been linked 3 different CVEs too.

None

Updated: 4 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : July 24, 2024, 10:25 a.m. This repo has been linked 3 different CVEs too.

Fix for regreSSHion CVE-2024-6387 for Ubuntu and Debian

Shell

Updated: 5 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : July 11, 2024, 11:22 p.m. This repo has been linked 3 different CVEs too.

CVE-2024-6387, also known as RegreSSHion, is a high-severity vulnerability found in OpenSSH servers (sshd) running on glibc-based Linux systems. It is a regression of a previously fixed vulnerability (CVE-2006-5051), which means the issue was reintroduced in newer versions of OpenSSH.

Python

Updated: 4 months, 3 weeks ago
1 stars 1 fork 1 watcher
Born at : July 11, 2024, 2:37 p.m. This repo has been linked 2 different CVEs too.

Bulk Scanning Tool for OpenSSH CVE-2024-6387, CVE-2024-6409, CVE-2006-5051, CVE-2008-4109, and 16 other CVEs.

Updated: 5 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : July 11, 2024, 11:56 a.m. This repo has been linked 22 different CVEs too.

Vulnerability remediation and mitigation CVE-2024-6387

Updated: 4 months, 1 week ago
5 stars 0 fork 0 watcher
Born at : July 5, 2024, 9:29 p.m. This repo has been linked 3 different CVEs too.

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Python

Updated: 5 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : July 4, 2024, 9:20 p.m. This repo has been linked 2 different CVEs too.

Provides instructions for using the script to check if your OpenSSH installation is vulnerable to CVE-2024-6387

Shell

Updated: 5 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : July 4, 2024, 1:15 p.m. This repo has been linked 3 different CVEs too.

Scanning for open SSH connections (regardless of port) reporting hostname, openssh versions and vulnerabilities

Python

Updated: 5 months, 2 weeks ago
2 stars 0 fork 0 watcher
Born at : July 2, 2024, 6:55 p.m. This repo has been linked 3 different CVEs too.

Recently, the OpenSSH maintainers released security updates to fix a critical vulnerability that could lead to unauthenticated remote code execution (RCE) with root privileges. This vulnerability, identified as CVE-2024-6387, resides in the OpenSSH server component (sshd), which is designed to listen for connections from client applications.

Python

Updated: 1 month, 2 weeks ago
9 stars 1 fork 1 watcher
Born at : July 2, 2024, 2:51 a.m. This repo has been linked 3 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list contains news articles that mention the CVE-2006-5051 vulnerability anywhere in the article.

  • cloudsecurityalliance.org
Return of the RCE: Addressing the regreSSHion Vulnerability – CVE-2024-6378

Originally published by Pentera. A Regrettable Resurgence On July 1, 2024, the Qualys Threat Research Unit (TRU) published their discovery of an unauthenticated remote code execution (RCE) vulnerabili ...

Published Date: Aug 19, 2024 (4 months ago)
  • New Jetpack Site
regreSSHion vulnerability in OpenSSH server

07/02/2024 N010724 CERT-Yoroi reports that a critical vulnerability has been disclosed in OpenSSH server (sshd) on glibc-based Linux systems that allows malicious users to execute ...

Published Date: Jul 02, 2024 (5 months, 2 weeks ago)

The following table lists the changes that have been made to the CVE-2006-5051 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc
    Added Reference ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc
    Added Reference http://docs.info.apple.com/article.html?artnum=305214
    Added Reference http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
    Added Reference http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html
    Added Reference http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
    Added Reference http://openssh.org/txt/release-4.4
    Added Reference http://secunia.com/advisories/22158
    Added Reference http://secunia.com/advisories/22173
    Added Reference http://secunia.com/advisories/22183
    Added Reference http://secunia.com/advisories/22196
    Added Reference http://secunia.com/advisories/22208
    Added Reference http://secunia.com/advisories/22236
    Added Reference http://secunia.com/advisories/22245
    Added Reference http://secunia.com/advisories/22270
    Added Reference http://secunia.com/advisories/22352
    Added Reference http://secunia.com/advisories/22362
    Added Reference http://secunia.com/advisories/22487
    Added Reference http://secunia.com/advisories/22495
    Added Reference http://secunia.com/advisories/22823
    Added Reference http://secunia.com/advisories/22926
    Added Reference http://secunia.com/advisories/23680
    Added Reference http://secunia.com/advisories/24479
    Added Reference http://secunia.com/advisories/24799
    Added Reference http://secunia.com/advisories/24805
    Added Reference http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc
    Added Reference http://security.gentoo.org/glsa/glsa-200611-06.xml
    Added Reference http://securitytracker.com/id?1016940
    Added Reference http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566
    Added Reference http://sourceforge.net/forum/forum.php?forum_id=681763
    Added Reference http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm
    Added Reference http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf
    Added Reference http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf
    Added Reference http://www.debian.org/security/2006/dsa-1189
    Added Reference http://www.debian.org/security/2006/dsa-1212
    Added Reference http://www.kb.cert.org/vuls/id/851340
    Added Reference http://www.mandriva.com/security/advisories?name=MDKSA-2006:179
    Added Reference http://www.novell.com/linux/security/advisories/2006_62_openssh.html
    Added Reference http://www.openbsd.org/errata.html#ssh
    Added Reference http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html
    Added Reference http://www.openwall.com/lists/oss-security/2024/07/01/3
    Added Reference http://www.openwall.com/lists/oss-security/2024/07/28/3
    Added Reference http://www.osvdb.org/29264
    Added Reference http://www.redhat.com/support/errata/RHSA-2006-0697.html
    Added Reference http://www.redhat.com/support/errata/RHSA-2006-0698.html
    Added Reference http://www.securityfocus.com/bid/20241
    Added Reference http://www.ubuntu.com/usn/usn-355-1
    Added Reference http://www.us-cert.gov/cas/techalerts/TA07-072A.html
    Added Reference http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
    Added Reference http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
    Added Reference http://www.vupen.com/english/advisories/2006/4018
    Added Reference http://www.vupen.com/english/advisories/2006/4329
    Added Reference http://www.vupen.com/english/advisories/2007/0930
    Added Reference http://www.vupen.com/english/advisories/2007/1332
    Added Reference http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html
    Added Reference https://exchange.xforce.ibmcloud.com/vulnerabilities/29254
    Added Reference https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387
    Added Reference https://www.openwall.com/lists/oss-security/2024/07/28/3
  • CVE Modified by [email protected]

    Jul. 29, 2024

    Action Type Old Value New Value
    Added Reference Red Hat, Inc. https://www.openwall.com/lists/oss-security/2024/07/28/3 [No types assigned]
  • CVE Modified by [email protected]

    Jul. 28, 2024

    Action Type Old Value New Value
    Added Reference Red Hat, Inc. http://www.openwall.com/lists/oss-security/2024/07/28/3 [No types assigned]
  • CVE Modified by [email protected]

    Jul. 01, 2024

    Action Type Old Value New Value
    Added Reference Red Hat, Inc. http://www.openwall.com/lists/oss-security/2024/07/01/3 [No types assigned]
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Modified Analysis by [email protected]

    Feb. 02, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc No Types Assigned ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc Broken Link
    Changed Reference Type ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc No Types Assigned ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc Broken Link
    Changed Reference Type http://docs.info.apple.com/article.html?artnum=305214 No Types Assigned http://docs.info.apple.com/article.html?artnum=305214 Broken Link
    Changed Reference Type http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html No Types Assigned http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html Mailing List
    Changed Reference Type http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html No Types Assigned http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html Mailing List
    Changed Reference Type http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 No Types Assigned http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 Mailing List
    Changed Reference Type http://openssh.org/txt/release-4.4 No Types Assigned http://openssh.org/txt/release-4.4 Release Notes
    Changed Reference Type http://secunia.com/advisories/22158 Vendor Advisory http://secunia.com/advisories/22158 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/22173 Vendor Advisory http://secunia.com/advisories/22173 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/22183 Vendor Advisory http://secunia.com/advisories/22183 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/22196 Vendor Advisory http://secunia.com/advisories/22196 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/22208 Vendor Advisory http://secunia.com/advisories/22208 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/22236 Vendor Advisory http://secunia.com/advisories/22236 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/22245 Vendor Advisory http://secunia.com/advisories/22245 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/22270 Vendor Advisory http://secunia.com/advisories/22270 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/22352 Vendor Advisory http://secunia.com/advisories/22352 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/22362 Vendor Advisory http://secunia.com/advisories/22362 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/22487 Vendor Advisory http://secunia.com/advisories/22487 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/22495 No Types Assigned http://secunia.com/advisories/22495 Broken Link
    Changed Reference Type http://secunia.com/advisories/22823 Vendor Advisory http://secunia.com/advisories/22823 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/22926 Vendor Advisory http://secunia.com/advisories/22926 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/23680 Vendor Advisory http://secunia.com/advisories/23680 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/24479 Vendor Advisory http://secunia.com/advisories/24479 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/24799 Vendor Advisory http://secunia.com/advisories/24799 Broken Link, Vendor Advisory
    Changed Reference Type http://secunia.com/advisories/24805 Vendor Advisory http://secunia.com/advisories/24805 Broken Link, Vendor Advisory
    Changed Reference Type http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc No Types Assigned http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc Third Party Advisory
    Changed Reference Type http://security.gentoo.org/glsa/glsa-200611-06.xml No Types Assigned http://security.gentoo.org/glsa/glsa-200611-06.xml Third Party Advisory
    Changed Reference Type http://securitytracker.com/id?1016940 No Types Assigned http://securitytracker.com/id?1016940 Broken Link, Third Party Advisory, VDB Entry
    Changed Reference Type http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566 No Types Assigned http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566 Broken Link
    Changed Reference Type http://sourceforge.net/forum/forum.php?forum_id=681763 No Types Assigned http://sourceforge.net/forum/forum.php?forum_id=681763 Broken Link
    Changed Reference Type http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm No Types Assigned http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm Third Party Advisory
    Changed Reference Type http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf No Types Assigned http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf Broken Link
    Changed Reference Type http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf No Types Assigned http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf Broken Link
    Changed Reference Type http://www.debian.org/security/2006/dsa-1189 No Types Assigned http://www.debian.org/security/2006/dsa-1189 Mailing List
    Changed Reference Type http://www.debian.org/security/2006/dsa-1212 No Types Assigned http://www.debian.org/security/2006/dsa-1212 Broken Link
    Changed Reference Type http://www.kb.cert.org/vuls/id/851340 US Government Resource http://www.kb.cert.org/vuls/id/851340 Third Party Advisory, US Government Resource
    Changed Reference Type http://www.mandriva.com/security/advisories?name=MDKSA-2006:179 No Types Assigned http://www.mandriva.com/security/advisories?name=MDKSA-2006:179 Third Party Advisory
    Changed Reference Type http://www.novell.com/linux/security/advisories/2006_62_openssh.html No Types Assigned http://www.novell.com/linux/security/advisories/2006_62_openssh.html Broken Link
    Changed Reference Type http://www.openbsd.org/errata.html#ssh No Types Assigned http://www.openbsd.org/errata.html#ssh Release Notes
    Changed Reference Type http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html No Types Assigned http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html Broken Link
    Changed Reference Type http://www.osvdb.org/29264 No Types Assigned http://www.osvdb.org/29264 Broken Link
    Changed Reference Type http://www.redhat.com/support/errata/RHSA-2006-0697.html No Types Assigned http://www.redhat.com/support/errata/RHSA-2006-0697.html Broken Link
    Changed Reference Type http://www.redhat.com/support/errata/RHSA-2006-0698.html No Types Assigned http://www.redhat.com/support/errata/RHSA-2006-0698.html Broken Link
    Changed Reference Type http://www.securityfocus.com/bid/20241 No Types Assigned http://www.securityfocus.com/bid/20241 Broken Link, Third Party Advisory, VDB Entry
    Changed Reference Type http://www.ubuntu.com/usn/usn-355-1 No Types Assigned http://www.ubuntu.com/usn/usn-355-1 Broken Link
    Changed Reference Type http://www.us-cert.gov/cas/techalerts/TA07-072A.html US Government Resource http://www.us-cert.gov/cas/techalerts/TA07-072A.html Third Party Advisory, US Government Resource
    Changed Reference Type http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html No Types Assigned http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Broken Link
    Changed Reference Type http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html No Types Assigned http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Broken Link
    Changed Reference Type http://www.vupen.com/english/advisories/2006/4018 No Types Assigned http://www.vupen.com/english/advisories/2006/4018 Broken Link
    Changed Reference Type http://www.vupen.com/english/advisories/2006/4329 No Types Assigned http://www.vupen.com/english/advisories/2006/4329 Broken Link
    Changed Reference Type http://www.vupen.com/english/advisories/2007/0930 No Types Assigned http://www.vupen.com/english/advisories/2007/0930 Broken Link
    Changed Reference Type http://www.vupen.com/english/advisories/2007/1332 No Types Assigned http://www.vupen.com/english/advisories/2007/1332 Broken Link
    Changed Reference Type http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html No Types Assigned http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html Broken Link
    Changed Reference Type https://exchange.xforce.ibmcloud.com/vulnerabilities/29254 No Types Assigned https://exchange.xforce.ibmcloud.com/vulnerabilities/29254 Third Party Advisory, VDB Entry
    Changed Reference Type https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387 No Types Assigned https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387 Broken Link
    Removed CWE NIST CWE-362
    Added CWE NIST CWE-415
    Changed CPE Configuration OR *cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:* 
*cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:* OR *cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions up to (including) 4.4
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to (excluding) 10.3.9 *cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions from (including) 10.4 up to (including) 10.4.8 *cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:* versions up to (excluding) 10.3.9 *cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:* versions from (including) 10.4 up to (including) 10.4.8
  • CVE Modified by [email protected]

    Oct. 11, 2017

    Action Type Old Value New Value
    Removed Reference http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11387 [No Types Assigned]
    Added Reference https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387 [No Types Assigned]
  • CVE Modified by [email protected]

    Jul. 20, 2017

    Action Type Old Value New Value
    Removed Reference http://xforce.iss.net/xforce/xfdb/29254 [No Types Assigned]
    Added Reference https://exchange.xforce.ibmcloud.com/vulnerabilities/29254 [No Types Assigned]
  • CVE Translated by [email protected]

    Oct. 20, 2016

    Action Type Old Value New Value
    Removed Translation Condición de carrera en el manejador de la señal en OpenSSH anterior a 4.4 permite a atacantes remotos provocar denegación de servicio(caida), y la posibilidad de ejecutar código de su elección si la validación GSSAPI está habilitada, a través de vectores no especificados que conlleva a una doble liberación.
    Added Translation Condición de carrera en el manejador de señal OpenSSH en versiones anteriores a 4.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario si la autenticación GSSAPI está habilitada, a través de vectores no especificados que conducen a una doble liberación.
  • CVE Modified by [email protected]

    Oct. 18, 2016

    Action Type Old Value New Value
    Removed Reference http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=115939141729160&w=2
    Added Reference http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2
  • Initial Analysis by [email protected]

    Sep. 28, 2006

    Action Type Old Value New Value
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2006-5051 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2006-5051 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

Score: 86.87 (-6.00%)

Percentile: 0.98859

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability