Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-5229

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.

Published

2006-10-10T23:07:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.6 (LOW)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

4.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openbsd	openssh	4.1	Yes
Operating System	novell	suse_linux	*	No

References

http://secunia.com/advisories/25979 Vendor Advisory ([email protected])
http://www.osvdb.org/32721 ([email protected])
http://www.securityfocus.com/archive/1/448025/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/448108/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/448156/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/448702/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/20418 ([email protected])
http://www.sybsecurity.com/hack-proventia-1.pdf ([email protected])
http://www.vupen.com/english/advisories/2007/2545 Vendor Advisory ([email protected])
http://secunia.com/advisories/25979 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/32721 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/448025/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/448108/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/448156/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/448702/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/20418 (af854a3a-2127-422b-91ae-364da2661108)
http://www.sybsecurity.com/hack-proventia-1.pdf (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/2545 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)