漏洞信息(CVE-2006-5794)

一、漏洞 CVE-2006-5794 基础信息

漏洞标题

N/A

来源：AIGC 神龙大模型

漏洞描述信息

在OpenSSH 4.5之前，sshd 权限分离监控器中的未指定漏洞可能导致验证 authentication 是否成功减弱，这可能导致攻击者绕过验证。注意：截至20061108年，据信只有通过利用未受特权进程的漏洞才能利用此问题。

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

来源：AIGC 神龙大模型

漏洞类别

N/A

来源：AIGC 神龙大模型

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

OpenSSH sshd Privilege Separation Monitor 未明漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

OpenSSH的4.5之前版本中的sshd Privilege Separation Monitor存在未明漏洞，导致系统对已经成功的认证的验证更弱，可能让攻击者绕过认证。注：自20061108起，认为此问题只有利用未授权过程中的漏洞才能被利用，而这种过程还未知存在与否。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

授权问题

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2006-5794 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2006-5794 的情报信息

http://sourceforge.net/project/shownotes.php?release_id=461854&group_id=69227 x_refsource_CONFIRM
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html x_refsource_CONFIRM
http://www.openssh.org/txt/release-4.5 x_refsource_CONFIRM
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html x_refsource_CONFIRM
http://sourceforge.net/project/shownotes.php?release_id=461863&group_id=69227 x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-766 x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2007-048.htm x_refsource_CONFIRM
http://secunia.com/advisories/22771 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/20956 vdb-entry x_refsource_BID
http://secunia.com/advisories/22814 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/22778 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24055 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/23680 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/22932 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/22773 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/22872 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/22772 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/23513 third-party-advisory x_refsource_SECUNIA
http://securitytracker.com/id?1017183 vdb-entry x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2006/4400 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/4399 vdb-entry x_refsource_VUPEN
ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc vendor-advisory x_refsource_SGI
http://www.mandriva.com/security/advisories?name=MDKSA-2006:204 vendor-advisory x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2006-0738.html vendor-advisory x_refsource_REDHAT
http://www.novell.com/linux/security/advisories/2006_26_sr.html vendor-advisory x_refsource_SUSE
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.032-openssh.html vendor-advisory x_refsource_OPENPKG
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11840 vdb-entry signature x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/30120 vdb-entry x_refsource_XF
http://www.securityfocus.com/archive/1/451100/100/0/threaded mailing-list x_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2006-5794

一、 漏洞 CVE-2006-5794 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2006-5794 的公开POC

三、漏洞 CVE-2006-5794 的情报信息

一、漏洞 CVE-2006-5794 基础信息