CVE-2006-5052

Impact:
Low
Public Date:
2006-09-28
Bugzilla:
234643: CVE-2006-5052 Kerberos information leak

The MITRE CVE dictionary describes this issue as:

Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."

Find out more about CVE-2006-5052 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue did not affect Red Hat Enterprise Linux 2.1 and 3. This issue was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2007-0703.html and https://rhn.redhat.com/errata/RHSA-2007-0540.html respectively.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux version 5 (openssh) RHSA-2007:0540 2007-11-07
Red Hat Enterprise Linux version 4 (openssh) RHSA-2007:0703 2007-11-15