CVE-2011-5000

Description

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.

How to fix CVE-2011-5000

To remediate CVE-2011-5000, upgrade the affected package to a fixed version below.

• Debian/openssh—upgrade to 1:5.9p1-1 or later

Is CVE-2011-5000 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1:5.9p1-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-5000