CVE - CVE-2006-5794

CVE-ID
CVE-2006-5794	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:20956 URL:http://www.securityfocus.com/bid/20956 BUGTRAQ:20061109 rPSA-2006-0207-1 openssh openssh-client openssh-server URL:http://www.securityfocus.com/archive/1/451100/100/0/threaded CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=461854&group_id=69227 CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm CONFIRM:http://www.openssh.org/txt/release-4.5 CONFIRM:http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html CONFIRM:http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html CONFIRM:https://issues.rpath.com/browse/RPL-766 MANDRIVA:MDKSA-2006:204 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:204~~ (Obsolete source) OPENPKG:OpenPKG-SA-2006.032 URL:http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.032-openssh.html OVAL:oval:org.mitre.oval:def:11840 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11840 REDHAT:RHSA-2006:0738 URL:http://rhn.redhat.com/errata/RHSA-2006-0738.html SECTRACK:1017183 URL:http://securitytracker.com/id?1017183 SECUNIA:22771 URL:http://secunia.com/advisories/22771 SECUNIA:22772 URL:http://secunia.com/advisories/22772 SECUNIA:22773 URL:http://secunia.com/advisories/22773 SECUNIA:22778 URL:http://secunia.com/advisories/22778 SECUNIA:22814 URL:http://secunia.com/advisories/22814 SECUNIA:22872 URL:http://secunia.com/advisories/22872 SECUNIA:22932 URL:http://secunia.com/advisories/22932 SECUNIA:23513 URL:http://secunia.com/advisories/23513 SECUNIA:23680 URL:http://secunia.com/advisories/23680 SECUNIA:24055 URL:http://secunia.com/advisories/24055 SGI:20061201-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc SUSE:SUSE-SR:2006:026 URL:http://www.novell.com/linux/security/advisories/2006_26_sr.html VUPEN:ADV-2006-4399 URL:~~http://www.vupen.com/english/advisories/2006/4399~~ (Obsolete source) VUPEN:ADV-2006-4400 URL:~~http://www.vupen.com/english/advisories/2006/4400~~ (Obsolete source) XF:openssh-separation-verificaton-weakness(30120) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/30120
Assigning CNA
Red Hat, Inc.
Date Record Created
20061108	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061108)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)