Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides

Search the VMware Knowledge Base (KB)

View by Article ID

Security Response to CVE-2005-2798, OpenSSH GSSAPIDelegateCredentials Enabled (2282)

What is VMware's response to the following issues:

CVE-2005-2798 - sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
CVE-2006-5052 - Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."

Is there any action I need to take?

VMware Security Response
CVE identifier	CVE-2005-2798, CVE-2006-5052
Synopsis	OpenSSH GSSAPIDelegateCredentials Enabled
CVE URL	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2798 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
Response issued on	2006-06-19
Response updated on	2007-09-25: Updated to include CVE-2006-5052

Relevant Release

The issue was first reported on ESX Server 2.5.2 build-21059.

Action

ESX Server doesn't enable GSSAPIDelegateCredentials by default. This is a false-positive report based on version checking.

alertz; urlz

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

1 2 3 4 5
2 Ratings

1 2 3 4 5
2 Ratings

Actions

KB:

Did this article help you?
This article resolved my issue. This article did not resolve my issue. This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)