CVE-2011-5000
Published: 5 April 2012
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openssh Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Not vulnerable
(1:5.9p1-5ubuntu1)
|
|
| quantal |
Not vulnerable
(1:5.9p1-5ubuntu1)
|
|
| raring |
Not vulnerable
(1:5.9p1-5ubuntu1)
|
|
| saucy |
Not vulnerable
(1:5.9p1-5ubuntu1)
|
|
| trusty |
Not vulnerable
(1:5.9p1-5ubuntu1)
|
|
| upstream |
Needs triage
|
|
| utopic |
Not vulnerable
(1:5.9p1-5ubuntu1)
|
|
| vivid |
Not vulnerable
(1:5.9p1-5ubuntu1)
|
|
|
Patches: upstream: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/gss-serv.c.diff?r1=1.22;r2=1.23 |
||