Search for vulnerabilities
Vulnerability details: VCID-y6n8-kbek-aaan
Vulnerability ID VCID-y6n8-kbek-aaan
Aliases CVE-2005-2798
Summary sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2005:527
epss 0.00844 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.00844 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.00844 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.00844 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.01017 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.01017 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.01017 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.01017 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.01017 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.01017 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.01017 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.01017 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.01017 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.01017 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.01017 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.01017 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.027 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.02736 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
epss 0.07128 https://api.first.org/data/v1/epss?cve=CVE-2005-2798
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1617757
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2005-2798
Reference id Reference type URL
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txt
http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2798.json
https://api.first.org/data/v1/epss?cve=CVE-2005-2798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2798
http://secunia.com/advisories/16686
http://secunia.com/advisories/17077
http://secunia.com/advisories/17245
http://secunia.com/advisories/18010
http://secunia.com/advisories/18406
http://secunia.com/advisories/18507
http://secunia.com/advisories/18661
http://secunia.com/advisories/18717
http://securitytracker.com/id?1014845
https://exchange.xforce.ibmcloud.com/vulnerabilities/24064
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1345
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1566
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9717
http://support.avaya.com/elmodocs2/security/ASA-2006-016.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-033.htm
https://usn.ubuntu.com/209-1/
http://www.mandriva.com/security/advisories?name=MDKSA-2005:172
http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html
http://www.osvdb.org/19141
http://www.redhat.com/support/errata/RHSA-2005-527.html
http://www.securityfocus.com/archive/1/421411/100/0/threaded
http://www.securityfocus.com/bid/14729
http://www.vupen.com/english/advisories/2006/0144
1617757 https://bugzilla.redhat.com/show_bug.cgi?id=1617757
326065 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326065
cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
CVE-2005-2798 https://nvd.nist.gov/vuln/detail/CVE-2005-2798
RHSA-2005:527 https://access.redhat.com/errata/RHSA-2005:527
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2005-2798
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.81929
EPSS Score 0.00844
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.