English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.902488
Category:General
Title:OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
Summary:OpenSSH sshd with GSSAPI enabled is prone to credential disclosure vulnerability.
Description:Summary:
OpenSSH sshd with GSSAPI enabled is prone to credential disclosure vulnerability.

Vulnerability Insight:
The flaw is due to an error in handling GSSAPI credential delegation,
Which allow GSSAPI credentials to be delegated to users who log in with methods other than GSSAPI authentication
(e.g. public key) when the client requests it.

Vulnerability Impact:
Successful exploitation could allows remote attackers to bypass security
restrictions and gain escalated privileges.

Affected Software/OS:
OpenSSH version prior to 4.2.

Solution:
Upgrade OpenSSH to 4.2 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-2798
1014845
http://securitytracker.com/id?1014845
14729
http://www.securityfocus.com/bid/14729
16686
http://secunia.com/advisories/16686
17077
http://secunia.com/advisories/17077
17245
http://secunia.com/advisories/17245
18010
http://secunia.com/advisories/18010
18406
http://secunia.com/advisories/18406
18507
http://secunia.com/advisories/18507
18661
http://secunia.com/advisories/18661
18717
http://secunia.com/advisories/18717
19141
http://www.osvdb.org/19141
ADV-2006-0144
http://www.vupen.com/english/advisories/2006/0144
HPSBUX02090
http://www.securityfocus.com/archive/1/421411/100/0/threaded
MDKSA-2005:172
http://www.mandriva.com/security/advisories?name=MDKSA-2005:172
RHSA-2005:527
http://www.redhat.com/support/errata/RHSA-2005-527.html
SCOSA-2005.53
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt
SSRT051058
SUSE-SR:2006:003
http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
USN-209-1
https://usn.ubuntu.com/209-1/
[openssh-unix-announce] 20050901 Announce: OpenSSH 4.2 released
http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html
hpux-secure-shell-dos(24064)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24064
http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm
oval:org.mitre.oval:def:1345
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1345
oval:org.mitre.oval:def:1566
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1566
oval:org.mitre.oval:def:9717
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9717
CopyrightCopyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.