CVE-2006-5051

HIGH

OpenSSH <4.4 - DoS

Description

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

Exploits (3)

nomisec SCANNER 35 stars
by bigb0x · poc
https://github.com/bigb0x/CVE-2024-6387
nomisec SCANNER 2 stars
by anhvutuan · poc
https://github.com/anhvutuan/CVE-2024-6387-poc-1
nomisec SCANNER 2 stars
by sardine-web · poc
https://github.com/sardine-web/CVE-2024-6387_Check

References (58)

Core References
Broken Link vendor-advisory
http://www.ubuntu.com/usn/usn-355-1
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22270
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/24805
Third Party Advisory, US Government Resource third-party-advisory
http://www.kb.cert.org/vuls/id/851340
Release Notes vendor-advisory
http://www.openbsd.org/errata.html#ssh
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22487
Third Party Advisory, US Government Resource third-party-advisory
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Third Party Advisory vendor-advisory
http://security.gentoo.org/glsa/glsa-200611-06.xml
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22362
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/23680
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22352
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22236
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/24799
Broken Link third-party-advisory
http://secunia.com/advisories/22495
Third Party Advisory, VDB Entry vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/29254
Broken Link, Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/20241
Broken Link vdb-entry
http://www.osvdb.org/29264
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22823
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22183
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22926
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22173
Broken Link, Third Party Advisory, VDB Entry vdb-entry
http://securitytracker.com/id?1016940
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22208
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22245
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22196
Broken Link vendor-advisory
http://www.debian.org/security/2006/dsa-1212
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/22158
Mailing List vendor-advisory
http://www.debian.org/security/2006/dsa-1189
Broken Link, Vendor Advisory third-party-advisory
http://secunia.com/advisories/24479

Scores

CVSS v3 8.1
EPSS 0.0290
EPSS Percentile 86.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-415
Status published
Products (4)
apple/mac_os_x < 10.3.9
apple/mac_os_x_server < 10.3.9
debian/debian_linux 3.1
openbsd/openssh < 4.4
Published Sep 27, 2006
Tracked Since Feb 18, 2026