CVE-2006-5794
published 2006-11-08
CVE-2006-5794: Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful…
Priority: P3 · 37 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EPSS: 2.68% (83.9th percentile)
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:4.3p2-6 (bookworm) | openssh 1:4.3p2-6 (bookworm) |
| openbsd | openssh | <= 4.4 | — |
| openbsd | openssh | >= 0 < 1:4.3p2-6 | 1:4.3p2-6 |
| openbsd | openssh | >= 0 < 1:4.3p2-6 | 1:4.3p2-6 |
| openbsd | openssh | >= 0 < 1:4.3p2-6 | 1:4.3p2-6 |
| openbsd | openssh | >= 0 < 1:4.3p2-6 | 1:4.3p2-6 |
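CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | LOW | — |
| vendor_redhat | — | 7.5 | HIGH | — |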
GHSA
GHSA-5r9x-42xj-4x3r: Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4
ghsa_unreviewed·2022-05-03
OSV
CVE-2006-5794: Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4
osv·2006-11-08·CVSS 7.5
Red Hat
OpenSSH privilege separation flaw
vendor_redhat·2006-11-07·CVSS 7.5
Statement: This issue did not affect Red Hat Enterprise Linux 2.1.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2006-5794: openssh - Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH be...
vendor_debian·2006·CVSS 7.5
Scope: local
bookworm: resolved (fixed in 1:4.3p2-6)
bullseye: resolved (fixed in 1:4.3p2-6)
forky: resolved (fixed in 1:4.3p2-6)
sid: resolved (fixed in 1:4.3p2-6)
trixie: resolved (fixed in 1:4.3p2-6)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-5794 OpenSSH privilege separation flaw
bugzilla·2006-11-08·CVSS 7.5
+++ This bug was initially created as a clone of Bug #214640 +++
OpenSSH has fixed a minor flaw that could allow a remote attacker to bypass
normal authentication mechanisms if a flaw is ever found that allows an attacker
to control the unprivileged process when privilege separation is enabled.
This flaw is not exploitable by itself. It requires a flaw which allows the
attacker to control the unprivileged process while privilege separation is enabled.
This issue also affects FC5
Discussion:
openssh-4.3p2-10.0.fc6 has been pushed for fc6, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Bugzilla
CVE-2006-5794 OpenSSH privilege separation flaw
bugzilla·2006-11-08·CVSS 7.5
OpenSSH has fixed a minor flaw that could allow a remote attacker to bypass
normal authentication mechanisms if a flaw is ever found that allows an attacker
to control the unprivileged process when privilege separation is enabled.
This flaw is not exploitable by itself. It requires a flaw which allows the
attacker to control the unprivileged process while privilege separation is enabled.
This issue also affects RHEL3
Discussion:
Fixed packages for RHEL3: openssh-3.6.1p2-33.30.13 in dist-3.0E-errata-candidate
Fixed packages for RHEL4: openssh-3.9p1-8.RHEL4.17.1 in dist-4E-errata-candidate
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution o
Bugzilla
CVE-2006-4924 openssh DoS (also CVE-2006-5051) (also for RHL7.3: CVE-2006-0225, CVE-2003-0386)
bugzilla·2006-09-30·CVSS 7.5
creating as a clone of bug 207955 (and also bug 207957 which is for fc5) --
create clone doesn't seem to be working for me for some reason, so copy/pasted
in the description from those bugs.
Tavis Ormandy of the Google Security Team discovered a denial of service attack
on the openssh sshd daemon when ssh protocol version 1 is enabled. This flaw
will cause the openssh server to consume a large quantity of the CPU until the
specified timeout is reached.
The upstream patches can be found here:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
h
Published: 2006-11-08