CVE-2005-2798 — Openssh vulnerability

10 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

2.7%

top 14.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh

Timeline

PublishedSep 6

Latest updateMay 3

Description

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianopenbsd/openssh< 1:4.2p1-1+3

▶NVDopenbsd/openssh32 versions+31

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-qm2w-x4c4-rq55: sshd in OpenSSH before 4↗2022-05-03

▶

CVEList

CVE-2005-2798: sshd in OpenSSH before 4↗2005-09-06

▶

OSV

CVE-2005-2798: sshd in OpenSSH before 4↗2005-09-06

▶

📋Vendor Advisories

Ubuntu

SSH server vulnerability↗2005-10-18

▶

Red Hat

security flaw↗2005-09-01

▶

Debian

CVE-2005-2798: openssh - sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GS...↗2005

▶

💬Community

Bugzilla

CVE-2005-2798 security flaw↗2018-08-16

▶

Bugzilla

GSSAPI credentials can be delegated to clients who log in using non-GSSAPI methods↗2006-01-25

▶