CVE-2006-5051 — Double Free in Openssh

CWE-415 — Double Free CWE-362 — Race Condition CWE-364 — Signal Handler Race Condition18 documents11 sources

Severity

8.1HIGHNVD

EPSS

2.6%

top 14.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh Apple MAC OS X Apple MAC OS X Server +1 more

Timeline

PublishedSep 27

Latest updateAug 7

Description

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages4 packages

▶Debianopenbsd/openssh< 1:4.6p1-1+3

▶NVDopenbsd/openssh4.4

▶NVDapple/mac_os_x10.4 — 10.4.8+1

▶NVDapple/mac_os_x_server10.4 — 10.4.8+1

Also affects: Debian Linux 3.1

🔴Vulnerability Details

GHSA

GHSA-mq5h-r3rg-j9hg: Signal handler race condition in OpenSSH before 4↗2022-05-03

▶

OSV

CVE-2006-5051: Signal handler race condition in OpenSSH before 4↗2006-09-27

▶

CVEList

CVE-2006-5051: Signal handler race condition in OpenSSH before 4↗2006-09-27

▶

📋Vendor Advisories

BSD

FreeBSD-SA-24:08.openssh: OpenSSH pre-authentication async signal safety issue↗2024-08-07

▶

BSD

FreeBSD-SA-24:04.openssh: OpenSSH pre-authentication remote code execution↗2024-07-01

▶

Red Hat

openssh: regreSSHion - race condition in SSH allows RCE/DoS↗2024-07-01

▶

Ubuntu

openssh vulnerabilities↗2006-10-02

▶

BSD

FreeBSD-SA-06:22.openssh: Multiple vulnerabilities in OpenSSH↗2006-09-30

▶

💬Community

Bugzilla

CVE-2006-4924 openssh DoS (also CVE-2006-5051) (also for RHL7.3: CVE-2006-0225, CVE-2003-0386)↗2006-09-30

▶

Bugzilla

CVE-2006-5051 unsafe GSSAPI signal handler↗2006-09-28

▶

Bugzilla

CVE-2006-5051 unsafe GSSAPI signal handler↗2006-09-28

▶

Bugzilla

CVE-2006-5051 unsafe GSSAPI signal handler↗2006-09-27

▶