New Search

RHSA-2012:0884: openssh security bug fix and enhancement update (Low)

oval:org.mitre.oval:def:26218

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier when gssapi-with-mic authentication is enabled allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 6
  • CentOS Linux 6
Class:
patch
Reference(s):
  • RHSA-2013:1591-02
  • CESA-2013:1591
  • CVE-2010-5107
Product(s):
  • openssh