CVE-2011-5000
Published: 5 April 2012
The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
Priority
Status
Package | Release | Status |
---|---|---|
openssh (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life) |
openssh | lucid | Ignored (end of life) |
openssh | maverick | Ignored (end of life) |
openssh | natty | Ignored (end of life) |
openssh | oneiric | Ignored (end of life) |
openssh | precise | Not vulnerable (1:5.9p1-5ubuntu1) |
openssh | quantal | Not vulnerable (1:5.9p1-5ubuntu1) |
openssh | raring | Not vulnerable (1:5.9p1-5ubuntu1) |
openssh | saucy | Not vulnerable (1:5.9p1-5ubuntu1) |
openssh | trusty | Not vulnerable (1:5.9p1-5ubuntu1) |
openssh | upstream | Needs triage |
openssh | utopic | Not vulnerable (1:5.9p1-5ubuntu1) |
openssh | vivid | Not vulnerable (1:5.9p1-5ubuntu1) |

Patches: upstream: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/gss-serv.c.diff?r1=1.22;r2=1.23