Developers Documentation



301 error for file:

User Tools

Site Tools

CVE 2011-5000

'The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.'

ClearCenter response

Short response

Low security risk. Fixed in backported patch (ClearOS 6.x)

Long response

This bug allows an authenticated SSH users to cause a denial of service condition when gssapi-with-mic authentication is enabled. Since ClearOS allows only root access by default, this condition is low risk where present. Only administrators should be allowed in via SSH (ClearOS 5.x). This issue is fixed in a backported patch (ClearOS 6.x).


  • ClearOS 5.x: Only allow trusted authentications via SSH.
  • ClearOS 6.x: Ensure that you are up to date on patches

To validate that you are running openssh-5.3p1-81.el6 or later, run the following:

rpm -qi openssh

If you need to update, run the following:

yum update
content/en_us/announcements_cve_cve-2011-5000.txt · Last modified: 2014/12/22 11:20 by dloper