Index: [Article Count Order] [Thread]

Date:  Thu, 18 Oct 2007 11:04:35 -0700
From:  "Ken Marcus - Precision Web Hosting, Inc." <kenmarcus (at mark)>
Subject:  [coba-e:10908] ssh vulnerability question
To:  <coba-e (at mark)>
Message-Id:  <091801c811b1$58c50690$6700a8c0@OfficeKen>
References:  <bb9e5a970710161411o6659e0atd46dda2d838bad62 (at mark)> <002601c8104c$ec6107c0$1e64a8c0 (at mark)> <bb9e5a970710171636g4a4e4564i72569ed2d8fe87db (at mark)>
X-Mail-Count: 10908 is showing a vulnerability for SSH where
GssapiAuthentication is set to yes
Solution : Upgrade to OpenSSH 4.4 or later.
Risk factor :  High / CVSS Base Score : 7.6
CVE : CVE-2006-5051, CVE-2006-5052
BID : 20241, 20245
Other references : OSVDB:29264 

Is this actually a vulnerability?

(I did disable the GssapiAuthentication since I don't use it.)

Ken Marcus
Ecommerce Web Hosting by
Precision Web Hosting, Inc.