Security Response to CVE-2005-2798, OpenSSH GSSAPIDelegateCredentials Enabled (2282)

Details

What is VMware's response to the following issues:
  • CVE-2005-2798 - sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.

  • CVE-2006-5052 - Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."

Is there any action I need to take?

Solution

VMware Security Response
CVE identifier: CVE-2005-2798, CVE-2006-5052
Synopsis: OpenSSH GSSAPIDelegateCredentials Enabled
CVE URL:
Response issued on: 2006-06-19
Response updated on: 2007-09-25 (updated to include CVE-2006-5052)

Relevant Release

The issue was first reported on ESX Server 2.5.2 build-21059.

Action

ESX Server does not enable GSSAPIDelegateCredentials by default. This report is a false positive that results from checking the OpenSSH version rather than the configuration.
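
Because the response rests on the configuration rather than the OpenSSH version, the check below lists the GSSAPI settings that are actually active in an OpenSSH config file and reports whether credential delegation is turned on in any scope. It is an added example, not VMware's tooling; the function names and the /etc/ssh paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit OpenSSH config files for active GSSAPI* settings.
# The paths in the usage line at the end are assumptions, not from the article.

# gssapi_settings FILE
# Prints "scope<TAB>keyword<TAB>value" for every uncommented GSSAPI* line.
gssapi_settings() {
    awk '
        BEGIN { scope = "global" }
        {
            line = $0
            sub(/\r$/, "", line)          # tolerate CRLF files
            sub(/^[ \t]+/, "", line)      # indentation is not significant
            if (line == "" || line ~ /^#/) next
            # OpenSSH accepts both "Keyword value" and "Keyword=value".
            if (!(match(line, /^[A-Za-z]+[ \t]*=[ \t]*/) || match(line, /^[A-Za-z]+[ \t]+/))) next
            key = tolower(substr(line, 1, RLENGTH))   # keywords are case-insensitive
            sub(/[ \t=]+$/, "", key)
            val = substr(line, RLENGTH + 1)
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)
            # Host and Match lines open a new scope for the lines that follow.
            if (key == "host" || key == "match") { scope = key " " val; next }
            # Values are lower-cased so any spelling of "yes" is reported.
            if (key ~ /^gssapi/) printf "%s\t%s\t%s\n", scope, key, tolower(val)
        }' "$1"
}

# delegation_enabled FILE
# Succeeds (exit 0) when any scope sets GSSAPIDelegateCredentials to yes.
delegation_enabled() {
    gssapi_settings "$1" |
        awk -F '\t' '$2 == "gssapidelegatecredentials" && $3 == "yes" { hit = 1 }
                     END { exit !hit }'
}

# Usage: for f in /etc/ssh/ssh_config /etc/ssh/sshd_config; do gssapi_settings "$f"; done
```

A scanner finding that is based only on the version string can be closed as a false positive when `delegation_enabled` fails for every config file in use on the host.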

