CVE-2006-5051
moderate-risk
Published 2006-09-27
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
Do I need to act?
2.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.1/10 · High · NETWORK / HIGH complexity
Affected Products (4)
References (116)
Release Notes: http://openssh.org/txt/release-4.4
Broken Link: http://secunia.com/advisories/22158
Broken Link: http://secunia.com/advisories/22173
Broken Link: http://secunia.com/advisories/22183
Broken Link: http://secunia.com/advisories/22196
Broken Link: http://secunia.com/advisories/22208
Broken Link: http://secunia.com/advisories/22236
Broken Link: http://secunia.com/advisories/22245
Broken Link: http://secunia.com/advisories/22270
Broken Link: http://secunia.com/advisories/22352
Broken Link: http://secunia.com/advisories/22362
Broken Link: http://secunia.com/advisories/22487
Broken Link: http://secunia.com/advisories/22495
Broken Link: http://secunia.com/advisories/22823
and 96 more references
40 / 100 · moderate-risk
Severity
24/34 · High
Exploitability
6/34 · Minimal
Exposure
10/34 · Low