CVE-2006-5051
OpenSSH GSSAPI Authentication Double-Free Denial of Service RCE
Description
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
INFO
Published Date :
Sept. 27, 2006, 11:07 p.m.
Last Modified :
July 29, 2024, 1:15 a.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
5.9
Exploitability Score :
2.2
Public PoC/Exploit Available at Github
CVE-2006-5051 has a 17 public PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
Affected Products
The following products are affected by CVE-2006-5051
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2006-5051.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
bulk scanning tool for 21 different CVE's for OpenSSH
Python
OpenSSH Vulnerabilities Scanner: Bulk Scanning Tool for 21 different OpenSSH CVEs.
Python
A Bash script to mitigate the CVE-2024-6387 vulnerability in OpenSSH by providing an option to upgrade to a secure version or apply a temporary workaround. This repository helps secure systems against potential remote code execution risks associated with affected OpenSSH versions.
Shell
None
Python
None
Fix for regreSSHion CVE-2024-6387 for Ubuntu and Debian
Shell
CVE-2024-6387, also known as RegreSSHion, is a high-severity vulnerability found in OpenSSH servers (sshd) running on glibc-based Linux systems. It is a regression of a previously fixed vulnerability (CVE-2006-5051), which means the issue was reintroduced in newer versions of OpenSSH.
Python
Bulk Scanning Tool for OpenSSH CVE-2024-6387, CVE-2024-6409, CVE-2006-5051, CVE-2008-4109, and 16 other CVEs.
Vulnerability remediation and mitigationCVE-2024-6387
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Python
Provides instructions for using the script to check if your OpenSSH installation is vulnerable to CVE-2024-6387
Shell
Scanning for open SSH connections (regardless of port) reporting hostname, openssh versions and vulnerabilities
Python
Recently, the OpenSSH maintainers released security updates to fix a critical vulnerability that could lead to unauthenticated remote code execution (RCE) with root privileges. This vulnerability, identified as CVE-2024-6387, resides in the OpenSSH server component (sshd), which is designed to listen for connections from client applications.
Python
Bulk Scanning Tool for OpenSSH CVE-2024-6387, CVE-2006-5051 , CVE-2008-4109 and others.
openssh security-audit security-tools ssh ssh-server
Python
None
Shell
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2006-5051 vulnerability anywhere in the article.
-
cloudsecurityalliance.org
Return of the RCE: Addressing the regreSSHion Vulnerability – CVE-2024-6378
Originally published by Pentera. A Regrettable Resurgence On July 1, 2024, the Qualys Threat Research Unit (TRU) published their discovery of an unauthenticated remote code execution (RCE) vulnerabili ... Read more
The following table lists the changes that have been made to the
CVE-2006-5051 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by [email protected]
Jul. 29, 2024
Action Type Old Value New Value Added Reference Red Hat, Inc. https://www.openwall.com/lists/oss-security/2024/07/28/3 [No types assigned] -
CVE Modified by [email protected]
Jul. 28, 2024
Action Type Old Value New Value Added Reference Red Hat, Inc. http://www.openwall.com/lists/oss-security/2024/07/28/3 [No types assigned] -
CVE Modified by [email protected]
Jul. 01, 2024
Action Type Old Value New Value Added Reference Red Hat, Inc. http://www.openwall.com/lists/oss-security/2024/07/01/3 [No types assigned] -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
Modified Analysis by [email protected]
Feb. 02, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Changed Reference Type ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc No Types Assigned ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc Broken Link Changed Reference Type ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc No Types Assigned ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc Broken Link Changed Reference Type http://docs.info.apple.com/article.html?artnum=305214 No Types Assigned http://docs.info.apple.com/article.html?artnum=305214 Broken Link Changed Reference Type http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html No Types Assigned http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html Mailing List Changed Reference Type http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html No Types Assigned http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html Mailing List Changed Reference Type http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 No Types Assigned http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 Mailing List Changed Reference Type http://openssh.org/txt/release-4.4 No Types Assigned http://openssh.org/txt/release-4.4 Release Notes Changed Reference Type http://secunia.com/advisories/22158 Vendor Advisory http://secunia.com/advisories/22158 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/22173 Vendor Advisory http://secunia.com/advisories/22173 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/22183 Vendor Advisory http://secunia.com/advisories/22183 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/22196 Vendor Advisory http://secunia.com/advisories/22196 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/22208 Vendor Advisory http://secunia.com/advisories/22208 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/22236 Vendor Advisory http://secunia.com/advisories/22236 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/22245 Vendor Advisory http://secunia.com/advisories/22245 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/22270 Vendor Advisory http://secunia.com/advisories/22270 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/22352 Vendor Advisory http://secunia.com/advisories/22352 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/22362 Vendor Advisory http://secunia.com/advisories/22362 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/22487 Vendor Advisory http://secunia.com/advisories/22487 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/22495 No Types Assigned http://secunia.com/advisories/22495 Broken Link Changed Reference Type http://secunia.com/advisories/22823 Vendor Advisory http://secunia.com/advisories/22823 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/22926 Vendor Advisory http://secunia.com/advisories/22926 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/23680 Vendor Advisory http://secunia.com/advisories/23680 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/24479 Vendor Advisory http://secunia.com/advisories/24479 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/24799 Vendor Advisory http://secunia.com/advisories/24799 Broken Link, Vendor Advisory Changed Reference Type http://secunia.com/advisories/24805 Vendor Advisory http://secunia.com/advisories/24805 Broken Link, Vendor Advisory Changed Reference Type http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc No Types Assigned http://security.freebsd.org/advisories/FreeBSD-SA-06%3A22.openssh.asc Third Party Advisory Changed Reference Type http://security.gentoo.org/glsa/glsa-200611-06.xml No Types Assigned http://security.gentoo.org/glsa/glsa-200611-06.xml Third Party Advisory Changed Reference Type http://securitytracker.com/id?1016940 No Types Assigned http://securitytracker.com/id?1016940 Broken Link, Third Party Advisory, VDB Entry Changed Reference Type http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566 No Types Assigned http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.592566 Broken Link Changed Reference Type http://sourceforge.net/forum/forum.php?forum_id=681763 No Types Assigned http://sourceforge.net/forum/forum.php?forum_id=681763 Broken Link Changed Reference Type http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm No Types Assigned http://support.avaya.com/elmodocs2/security/ASA-2006-216.htm Third Party Advisory Changed Reference Type http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf No Types Assigned http://www.arkoon.fr/upload/alertes/36AK-2006-07-FR-1.0_FAST360_OPENSSH.pdf Broken Link Changed Reference Type http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf No Types Assigned http://www.arkoon.fr/upload/alertes/43AK-2006-09-FR-1.0_SSL360_OPENSSH.pdf Broken Link Changed Reference Type http://www.debian.org/security/2006/dsa-1189 No Types Assigned http://www.debian.org/security/2006/dsa-1189 Mailing List Changed Reference Type http://www.debian.org/security/2006/dsa-1212 No Types Assigned http://www.debian.org/security/2006/dsa-1212 Broken Link Changed Reference Type http://www.kb.cert.org/vuls/id/851340 US Government Resource http://www.kb.cert.org/vuls/id/851340 Third Party Advisory, US Government Resource Changed Reference Type http://www.mandriva.com/security/advisories?name=MDKSA-2006:179 No Types Assigned http://www.mandriva.com/security/advisories?name=MDKSA-2006:179 Third Party Advisory Changed Reference Type http://www.novell.com/linux/security/advisories/2006_62_openssh.html No Types Assigned http://www.novell.com/linux/security/advisories/2006_62_openssh.html Broken Link Changed Reference Type http://www.openbsd.org/errata.html#ssh No Types Assigned http://www.openbsd.org/errata.html#ssh Release Notes Changed Reference Type http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html No Types Assigned http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.022-openssh.html Broken Link Changed Reference Type http://www.osvdb.org/29264 No Types Assigned http://www.osvdb.org/29264 Broken Link Changed Reference Type http://www.redhat.com/support/errata/RHSA-2006-0697.html No Types Assigned http://www.redhat.com/support/errata/RHSA-2006-0697.html Broken Link Changed Reference Type http://www.redhat.com/support/errata/RHSA-2006-0698.html No Types Assigned http://www.redhat.com/support/errata/RHSA-2006-0698.html Broken Link Changed Reference Type http://www.securityfocus.com/bid/20241 No Types Assigned http://www.securityfocus.com/bid/20241 Broken Link, Third Party Advisory, VDB Entry Changed Reference Type http://www.ubuntu.com/usn/usn-355-1 No Types Assigned http://www.ubuntu.com/usn/usn-355-1 Broken Link Changed Reference Type http://www.us-cert.gov/cas/techalerts/TA07-072A.html US Government Resource http://www.us-cert.gov/cas/techalerts/TA07-072A.html Third Party Advisory, US Government Resource Changed Reference Type http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html No Types Assigned http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Broken Link Changed Reference Type http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html No Types Assigned http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Broken Link Changed Reference Type http://www.vupen.com/english/advisories/2006/4018 No Types Assigned http://www.vupen.com/english/advisories/2006/4018 Broken Link Changed Reference Type http://www.vupen.com/english/advisories/2006/4329 No Types Assigned http://www.vupen.com/english/advisories/2006/4329 Broken Link Changed Reference Type http://www.vupen.com/english/advisories/2007/0930 No Types Assigned http://www.vupen.com/english/advisories/2007/0930 Broken Link Changed Reference Type http://www.vupen.com/english/advisories/2007/1332 No Types Assigned http://www.vupen.com/english/advisories/2007/1332 Broken Link Changed Reference Type http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html No Types Assigned http://www-unix.globus.org/mail_archive/security-announce/2007/04/msg00000.html Broken Link Changed Reference Type https://exchange.xforce.ibmcloud.com/vulnerabilities/29254 No Types Assigned https://exchange.xforce.ibmcloud.com/vulnerabilities/29254 Third Party Advisory, VDB Entry Changed Reference Type https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387 No Types Assigned https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387 Broken Link Removed CWE NIST CWE-362 Added CWE NIST CWE-415 Changed CPE Configuration OR *cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:* *cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:* OR *cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions up to (including) 4.4 Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to (excluding) 10.3.9 *cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions from (including) 10.4 up to (including) 10.4.8 *cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:* versions up to (excluding) 10.3.9 *cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:* versions from (including) 10.4 up to (including) 10.4.8 -
CVE Modified by [email protected]
Oct. 11, 2017
Action Type Old Value New Value Removed Reference http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11387 [No Types Assigned] Added Reference https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11387 [No Types Assigned] -
CVE Modified by [email protected]
Jul. 20, 2017
Action Type Old Value New Value Removed Reference http://xforce.iss.net/xforce/xfdb/29254 [No Types Assigned] Added Reference https://exchange.xforce.ibmcloud.com/vulnerabilities/29254 [No Types Assigned] -
CVE Translated by [email protected]
Oct. 20, 2016
Action Type Old Value New Value Removed Translation Condición de carrera en el manejador de la señal en OpenSSH anterior a 4.4 permite a atacantes remotos provocar denegación de servicio(caida), y la posibilidad de ejecutar código de su elección si la validación GSSAPI está habilitada, a través de vectores no especificados que conlleva a una doble liberación. Added Translation Condición de carrera en el manejador de señal OpenSSH en versiones anteriores a 4.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario si la autenticación GSSAPI está habilitada, a través de vectores no especificados que conducen a una doble liberación. -
CVE Modified by [email protected]
Oct. 18, 2016
Action Type Old Value New Value Removed Reference http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=115939141729160&w=2 Added Reference http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 -
Initial Analysis by [email protected]
Sep. 28, 2006
Action Type Old Value New Value
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2006-5051 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2006-5051
weaknesses.
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
92.88 }} 13.74%
score
0.99072
percentile