Summary
The host is running OpenSSH sshd with GSSAPI enabled and is prone to a credential disclosure vulnerability.
Impact
Successful exploitation could allow remote attackers to bypass security restrictions and gain escalated privileges.
Impact Level: Application
Solution
Upgrade to OpenSSH 4.2 or later.
For updates, refer to http://www.openssh.com/
Insight
The flaw is due to an error in handling GSSAPI credential delegation, which allows GSSAPI credentials to be delegated to users who log in with methods other than GSSAPI authentication (e.g. public key) when the client requests it.
Affected
OpenSSH versions prior to 4.2
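A triage check for the condition described above (affected version plus GSSAPI enabled), added here as an example and not part of the original advisory or its detection script. The function names and sample inputs are assumptions constructed for illustration.

```python
import re

FIXED = (4, 2)  # the advisory lists versions prior to 4.2 as affected


def openssh_version(banner):
    """Return (major, minor) from an SSH identification string, or None."""
    m = re.search(r"OpenSSH[_-](\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def gssapi_enabled(sshd_config_text):
    """True if the first GSSAPIAuthentication line is 'yes' (first value wins)."""
    for raw in sshd_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keywords are case-insensitive; separator is whitespace or a single '='.
        parts = re.split(r"[\s=]+", line)
        if parts[0].lower() == "gssapiauthentication" and len(parts) > 1:
            return parts[1].strip('"').lower() == "yes"
    return False  # sshd defaults to GSSAPIAuthentication no


def assess(banner, sshd_config_text):
    """Classify a host from its banner and sshd_config contents."""
    version = openssh_version(banner)
    if version is None:
        return "unknown"
    if version >= FIXED:
        return "not affected"
    if gssapi_enabled(sshd_config_text):
        return "affected"
    return "old version, GSSAPI disabled"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    sample_cfg = "# kerberos\nPubkeyAuthentication yes\nGSSAPIAuthentication yes\n"
    print(assess("SSH-2.0-OpenSSH_4.1p1", sample_cfg))
```

Distribution packages may backport the fix without changing the banner version, so an "affected" result should be confirmed against the vendor's package changelog.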
References
Severity
Classification
CVE: CVE-2005-2798
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N