Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2798

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2798
Last Modified 07 Mar 2011 09:25:02
Published 06 Sep 2005 01:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2798

Summary

sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.

Vulnerable Systems

Application

  • Openbsd Openssh 3.0

  • Openbsd Openssh 3.0.1

  • Openbsd Openssh 3.0.1p1

  • Openbsd Openssh 3.0.2

  • Openbsd Openssh 3.0.2p1

  • Openbsd Openssh 3.0p1

  • Openbsd Openssh 3.1

  • Openbsd Openssh 3.1p1

  • Openbsd Openssh 3.2

  • Openbsd Openssh 3.2.2p1

  • Openbsd Openssh 3.2.3p1

  • Openbsd Openssh 3.3

  • Openbsd Openssh 3.3p1

  • Openbsd Openssh 3.4

  • Openbsd Openssh 3.4p1

  • Openbsd Openssh 3.5

  • Openbsd Openssh 3.5p1

  • Openbsd Openssh 3.6

  • Openbsd Openssh 3.6.1

  • Openbsd Openssh 3.6.1p1

  • Openbsd Openssh 3.6.1p2

  • Openbsd Openssh 3.7

  • Openbsd Openssh 3.7.1

  • Openbsd Openssh 3.7.1p2

  • Openbsd Openssh 3.8

  • Openbsd Openssh 3.8.1

  • Openbsd Openssh 3.8.1p1

  • Openbsd Openssh 3.9

  • Openbsd Openssh 3.9.1

  • Openbsd Openssh 3.9.1p1

  • Openbsd Openssh 4.0p1

  • Openbsd Openssh 4.1p1


References

SECUNIA - 16686

VUPEN - ADV-2006-0144

UBUNTU - USN-209-1

BID - 14729

HP - SSRT051058

HP - HPSBUX02090

REDHAT - RHSA-2005:527

MLIST - [openssh-unix-announce] 20050901 Announce: OpenSSH 4.2 released

MANDRIVA - MDKSA-2005:172

SECUNIA - 18406

SECUNIA - 18010

SECUNIA - 17245

SECUNIA - 17077

SCO - SCOSA-2005.53

XF - hpux-secure-shell-dos(24064)

OSVDB - 19141

SECUNIA - 18661

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm

SECTRACK - 1014845

SECUNIA - 18717

SECUNIA - 18507

SUSE - SUSE-SR:2006:003


Last Updated: 27 May 2016 10:40:38