CVE-2006-5052

Description

Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."

How to fix CVE-2006-5052

To remediate CVE-2006-5052, upgrade the affected package to a fixed version below.

• Debian/openssh—upgrade to 1:4.6p1-1 or later

Is CVE-2006-5052 being exploited?

Moderate — EPSS is 15.0%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1:4.6p1-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-5052