CVE-2006-5794

Description

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.

How to fix CVE-2006-5794

To remediate CVE-2006-5794, upgrade the affected package to a fixed version below.

• Debian/openssh—upgrade to 1:4.3p2-6 or later

Is CVE-2006-5794 being exploited?

Low — EPSS is 3.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:4.3p2-6

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-5794