Vulnerability CVE-2006-5794 - CERT Civis.Net

Vulnerability Name:

CVE-2006-5794 (CCN-30120)

Assigned:

2006-11-07

Published:

2006-11-07

Updated:

2018-10-17

Summary:

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication.
Note: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: SGI
Type: UNKNOWN
20061201-01-P

Source: MITRE
Type: CNA
CVE-2006-5794

Source: CCN
Type: OpenSSH Web site
OpenSSH

Source: CCN
Type: RHSA-2006-0738
Low: openssh security update

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0738

Source: CCN
Type: SA22771
OpenSSH Privilege Separation Monitor Weakness

Source: SECUNIA
Type: Patch, Vendor Advisory
22771

Source: CCN
Type: SA22772
cwRsync OpenSSL Vulnerabilities and OpenSSH Weakness

Source: SECUNIA
Type: UNKNOWN
22772

Source: CCN
Type: SA22773
copssh Privilege Separation Monitor Weakness

Source: SECUNIA
Type: Patch, Vendor Advisory
22773

Source: SECUNIA
Type: UNKNOWN
22778

Source: SECUNIA
Type: UNKNOWN
22814

Source: SECUNIA
Type: UNKNOWN
22872

Source: SECUNIA
Type: UNKNOWN
22932

Source: SECUNIA
Type: UNKNOWN
23513

Source: CCN
Type: SA23680
VMWare ESX Server Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
23680

Source: CCN
Type: SA24055
Avaya Products OpenSSH Privilege Separation Monitor Weakness

Source: SECUNIA
Type: UNKNOWN
24055

Source: CCN
Type: SECTRACK ID: 1017183
OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process

Source: SECTRACK
Type: UNKNOWN
1017183

Source: CCN
Type: SourceForge.net
copssh - Secure and Remote Software Distribution

Source: CCN
Type: SourceForge.net: Files
Secure and Remote Software Distribution - File Release Notes and Changelog - Release Name: 1.4.1

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?release_id=461854&group_id=69227

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm

Source: CCN
Type: ASA-2007-048
openssh security update (RHSA-2006-0738)

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:204

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:026

Source: CCN
Type: OpenPKG-SA-2006.032
OpenSSH

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2006.032

Source: CONFIRM
Type: UNKNOWN
http://www.openssh.org/txt/release-4.5

Source: BUGTRAQ
Type: UNKNOWN
20061109 rPSA-2006-0207-1 openssh openssh-client openssh-server

Source: BID
Type: Patch
20956

Source: CCN
Type: BID-20956
OpenSSH Privilege Separation Key Signature Weakness

Source: CCN
Type: TLSA-2006-45
Bypass Authentication

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

Source: VUPEN
Type: UNKNOWN
ADV-2006-4399

Source: VUPEN
Type: UNKNOWN
ADV-2006-4400

Source: XF
Type: UNKNOWN
openssh-separation-verificaton-weakness(30120)

Source: XF
Type: UNKNOWN
openssh-separation-verificaton-weakness(30120)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-766

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11840

Source: SUSE
Type: SUSE-SR:2006:026
SUSE Security Summary Report

Source: CCN
Type: IBM Systems Support Web site
Support for HMC

Vulnerable Configuration:

Configuration 1:

cpe:/a:openbsd:openssh:*:*:*:*:*:*:*:* (Version <= 4.4)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.5:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.9:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2.2:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.4:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:4.0:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:4.4:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.3:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.5:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.6:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.7:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.7.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.8:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.8.1:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.9:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.3:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:1.2:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:4.3:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:4.2:-:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*

OR cpe:/a:openbsd:openssh:4.1:-:*:*:*:*:*:*

AND

cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20065794	V	CVE-2006-5794	2022-09-02
oval:org.mitre.oval:def:11840	V	Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.	2013-04-29
oval:com.redhat.rhsa:def:20060738	P	RHSA-2006:0738: openssh security update (Low)	2006-11-15