Security Response to CVE-2005-2798, OpenSSH GSSAPIDelegateCredentials Enabled (2282)



What is VMware's response to the following issues:
  • CVE-2005-2798 - sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.

  • CVE-2006-5052 - Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."

 Is there any action I need to take?


VMware Security Response

CVE identifier: CVE-2005-2798, CVE-2006-5052
Synopsis: OpenSSH GSSAPIDelegateCredentials Enabled
Response issued on: 2006-06-19
Response updated on: 2007-09-25 (updated to include CVE-2006-5052)

Relevant Release

The issue was first reported on ESX Server 2.5.2 build-21059.


ESX Server does not enable GSSAPIDelegateCredentials by default. The report is a false positive produced by version checking.
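A finding raised from the OpenSSH version alone can be confirmed or dismissed by reading the configuration. The script below is an added example, not VMware's code: it reports whether GSSAPIDelegateCredentials is set to yes anywhere in an OpenSSH configuration file supplied by the operator. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not VMware's code): check a version-based scanner finding
# against the configuration instead of the OpenSSH banner.

# Print every configured value of keyword $2 in OpenSSH config file $1.
# Keywords are case-insensitive; "Keyword value" and "Keyword=value" both parse.
ssh_option_values() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        {
            line = $0
            sub(/#.*/, "", line)                 # drop comments
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            n = match(line, /[ \t=]/)            # end of keyword
            if (n == 0) next                     # blank or keyword-only line
            k = tolower(substr(line, 1, n - 1))
            v = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", v)        # separator: blanks, optional "="
            gsub(/"/, "", v)                     # arguments may be quoted
            if (k == key) print tolower(v)
        }
    ' "$1"
}

# "enabled" if any block (global, Host or Match) sets the option to yes;
# "not-enabled" otherwise. An absent keyword means the OpenSSH default, "no".
delegation_finding() {
    if ssh_option_values "$1" GSSAPIDelegateCredentials | grep -qx 'yes'; then
        echo enabled
    else
        echo not-enabled
    fi
}

# Constructed sample configuration, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# GSSAPIDelegateCredentials yes
Host *
    GSSAPIAuthentication yes
    gssapidelegatecredentials = no
EOF
echo "GSSAPIDelegateCredentials: $(delegation_finding "$sample")"
rm -f "$sample"
```

Run `delegation_finding` against each configuration file in use on the host; a result of `not-enabled` on all of them supports treating the scanner report as a false positive.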

