Rapid7 Vulnerability & Exploit Database

OpenSSH GSSAPI Signal Handler Double Free Memory Corruption

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

OpenSSH GSSAPI Signal Handler Double Free Memory Corruption

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

04/25/2007

Created

07/25/2018

Added

08/07/2007

Modified

05/27/2016

Description

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

Solution(s)

openbsd-openssh-upgrade-4_4

References

https://attackerkb.com/topics/cve-2006-5051
APPLE-SA-2007-03-13
20241
TA07-072A
851340
CVE - 2006-5051
DSA-1189
DSA-1212
OVAL11387
RHSA-2006:0697
RHSA-2006:0698
20061001-01-P
SUSE-SA:2006:062
29254

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

OpenSSH GSSAPI Signal Handler Double Free Memory Corruption

OpenSSH GSSAPI Signal Handler Double Free Memory Corruption

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.