CVE-2011-5000
N/A
N/A
Summary
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://seclists.org/fulldisclosure/2011/Aug/2
- http://rhn.redhat.com/errata/RHSA-2012-0884.html
- http://site.pi3.com.pl/adv/ssh_1.txt
References
- http://seclists.org/fulldisclosure/2011/Aug/2
- http://rhn.redhat.com/errata/RHSA-2012-0884.html
- http://site.pi3.com.pl/adv/ssh_1.txt
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.