Developers Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools

Trace: CVE 2011-5000

CVE 2011-5000

'The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.'

ClearCenter response

Short response

Low security risk. Fixed in backported patch (ClearOS 6.x)

Long response

This bug allows an authenticated SSH users to cause a denial of service condition when gssapi-with-mic authentication is enabled. Since ClearOS allows only root access by default, this condition is low risk where present. Only administrators should be allowed in via SSH (ClearOS 5.x). This issue is fixed in a backported patch (ClearOS 6.x).

Resolution

  • ClearOS 5.x: Only allow trusted authentications via SSH.
  • ClearOS 6.x: Ensure that you are up to date on patches

To validate that you are running openssh-5.3p1-81.el6 or later, run the following: 

rpm -qi openssh

If you need to update, run the following: 

yum update
content/en_us/announcements_cve_cve-2011-5000.txt · Last modified: 2014/12/22 11:20 by dloper

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki
https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Aannouncements_cve_cve-2011-5000&1714159889