Vulnerability Name:

CVE-2005-2798 (CCN-22117)

Assigned:2005-09-01
Published:2005-09-01
Updated:2018-10-19
Summary:sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: OpenSSH FTP Download Web page
FTP page

Source: SCO
Type: UNKNOWN
SCOSA-2005.53

Source: MITRE
Type: CNA
CVE-2005-2798

Source: CCN
Type: HP SUPPORT COMMUNICATION - SECURITY BULLETIN c00589050
HPSBUX02090 SSRT051058 rev.2 - HP-UX Secure Shell Remote Denial of Service (DoS)

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:003

Source: CCN
Type: RHSA-2005-527
openssh security update

Source: CCN
Type: SA16686
OpenSSH Two Security Issues

Source: SECUNIA
Type: Patch, Vendor Advisory
16686

Source: SECUNIA
Type: UNKNOWN
17077

Source: SECUNIA
Type: UNKNOWN
17245

Source: SECUNIA
Type: UNKNOWN
18010

Source: CCN
Type: SA18406
HP-UX Secure Shell Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
18406

Source: CCN
Type: SA18507
Avaya PDS HP-UX SecureShell Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
18507

Source: CCN
Type: SA18661
Avaya Intuity Audix Two OpenSSH Security Issues

Source: SECUNIA
Type: UNKNOWN
18661

Source: SECUNIA
Type: UNKNOWN
18717

Source: CCN
Type: SECTRACK ID: 1014845
OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases

Source: SECTRACK
Type: UNKNOWN
1014845

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm

Source: CCN
Type: ASA-2006-016
HP-UX Secure Shell Remote Denial of Service (HPSBUX02090)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm

Source: CCN
Type: ASA-2006-033
OpenSSH Multiple Vulnerabilities (SCOSA-2005.53)

Source: CCN
Type: ASA-2007-113
openssh security update (RHSA-2005-527)

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:172

Source: MLIST
Type: UNKNOWN
[openssh-unix-announce] 20050901 Announce: OpenSSH 4.2 released

Source: OSVDB
Type: UNKNOWN
19141

Source: CCN
Type: OSVDB ID: 19141
OpenSSH GSSAPIAuthentication Credential Escalation

Source: REDHAT
Type: UNKNOWN
RHSA-2005:527

Source: HP
Type: UNKNOWN
HPSBUX02090

Source: BID
Type: UNKNOWN
14729

Source: CCN
Type: BID-14729
OpenSSH GSSAPI Credential Disclosure Vulnerability

Source: CCN
Type: TLSA-2005-100
GSSAPI credentials vulnerability

Source: CCN
Type: USN-209-1
SSH server vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-0144

Source: XF
Type: UNKNOWN
openssh-gssapi-gain-privileges(22117)

Source: XF
Type: UNKNOWN
hpux-secure-shell-dos(24064)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1345

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1566

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9717

Source: UBUNTU
Type: UNKNOWN
USN-209-1

Source: SUSE
Type: SUSE-SR:2006:003
SUSE Security Summary Report

Source: CCN
Type: IBM Systems Support Web site
Support for HMC

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openbsd:openssh:3.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20052798
    V
    CVE-2005-2798
    2015-11-16
    oval:org.mitre.oval:def:9717
    V
    sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
    2013-04-29
    oval:org.mitre.oval:def:1345
    V
    Leaking GSSAPI Credentials Vulnerability (B.11.23)
    2006-02-22
    oval:org.mitre.oval:def:1566
    V
    Leaking GSSAPI Credentials Vulnerability (B.11.00/B.11.11)
    2006-02-22
    oval:com.redhat.rhsa:def:20050527
    P
    RHSA-2005:527: openssh security update (Moderate)
    2005-10-05
    BACK
    openbsd openssh 3.0
    openbsd openssh 3.0.1
    openbsd openssh 3.0.1p1
    openbsd openssh 3.0.2
    openbsd openssh 3.0.2p1
    openbsd openssh 3.0p1
    openbsd openssh 3.1
    openbsd openssh 3.1p1
    openbsd openssh 3.2
    openbsd openssh 3.2.2p1
    openbsd openssh 3.2.3p1
    openbsd openssh 3.3
    openbsd openssh 3.3p1
    openbsd openssh 3.4
    openbsd openssh 3.4p1
    openbsd openssh 3.5
    openbsd openssh 3.5p1
    openbsd openssh 3.6
    openbsd openssh 3.6.1
    openbsd openssh 3.6.1p1
    openbsd openssh 3.6.1p2
    openbsd openssh 3.7
    openbsd openssh 3.7.1
    openbsd openssh 3.7.1p2
    openbsd openssh 3.8
    openbsd openssh 3.8.1
    openbsd openssh 3.8.1p1
    openbsd openssh 3.9
    openbsd openssh 3.9.1
    openbsd openssh 3.9.1p1
    openbsd openssh 4.0p1
    openbsd openssh 4.1p1
    openbsd openssh 2.1.1
    openbsd openssh 2.5.2
    openbsd openssh 2.5
    openbsd openssh 2.5.1
    openbsd openssh 2.9
    openbsd openssh 3.0
    openbsd openssh 3.2.2p1
    openbsd openssh 3.4p1
    openbsd openssh 3.4
    openbsd openssh 3.6.1p2
    openbsd openssh 2.9.9p2
    openbsd openssh 4.1p1
    openbsd openssh 4.0p1
    openbsd openssh 3.0p1
    openbsd openssh 3.0.1p1
    openbsd openssh 3.0.1
    openbsd openssh 3.0.2p1
    openbsd openssh 3.0.2
    openbsd openssh 3.1p1
    openbsd openssh 3.1
    openbsd openssh 3.2
    openbsd openssh 3.2.3p1
    openbsd openssh 3.3p1
    openbsd openssh 3.3
    openbsd openssh 3.5
    openbsd openssh 3.5p1
    openbsd openssh 3.6
    openbsd openssh 3.6.1p1
    openbsd openssh 3.6.1
    openbsd openssh 3.7
    openbsd openssh 3.7.1p2
    openbsd openssh 3.7.1
    openbsd openssh 3.8
    openbsd openssh 3.8.1p1
    openbsd openssh 3.8.1
    openbsd openssh 3.9
    openbsd openssh 3.9.1p1
    openbsd openssh 3.9.1
    openbsd openssh 2.1
    openbsd openssh 2.2
    openbsd openssh 2.3
    openbsd openssh 2.9p2
    openbsd openssh 2.9p1
    openbsd openssh 2.9.9
    openbsd openssh 1.2.2
    openbsd openssh 1.2.3
    openbsd openssh 1.2.27
    openbsd openssh 1.2.1
    openbsd openssh 1.2
    openbsd openssh 3.2.3p1
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    turbolinux turbolinux fuji
    turbolinux turbolinux personal *
    turbolinux turbolinux home *
    turbolinux turbolinux multimedia *