From redhat bugzilla at $URL:

Common Vulnerabilities and Exposures assigned an identifier CVE-2011-5000 to the following vulnerability:

Name: CVE-2011-5000
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5000
Assigned: 20111224
Reference: FULLDISC:20110801 Useless OpenSSH resources exhausion bug via GSSAPI
Reference: http://seclists.org/fulldisclosure/2011/Aug/2
Reference: http://site.pi3.com.pl/adv/ssh_1.txt

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.

The upstream fix for this is here: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/gss-serv.c.diff?r1=1.22;r2=1.23

Also note that this is a POST-authentication bug, meaning that an attacker would need to have valid credentials to successfully authenticate to the server in order to exploit this. If a user already has the ability to log into the server, there are a number of other mechanisms that could be exploited (arguably easier) to consume excessive resources on the server.
Looks like it's already fixed in 5.9_p1, so just stabilize openssh-5.9_p1-r4.
CVE-2011-5000 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5000): The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
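The bug class described in the CVE text, a length field trusted before it is checked against the data actually received, shown as an added example with the check in place. This is not OpenSSH code or the upstream fix; the token layout, sample bytes and the names `parse_name` and `accepts` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample tokens (not captured traffic): [4-byte BE length][name]. */
static const unsigned char GOOD_TOK[] = {0, 0, 0, 5, 'a', 'l', 'i', 'c', 'e'};
static const unsigned char HUGE_TOK[] = {0xff, 0xff, 0xff, 0xff, 'a'};

static uint32_t get_u32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical parser: returns 0 and a malloc'd NUL-terminated copy in *name,
 * or -1 if the token is truncated or its declared length does not fit. */
int parse_name(const unsigned char *tok, size_t tok_len, char **name) {
    uint32_t n;

    *name = NULL;
    if (tok_len < 4)
        return -1;                 /* no room for the length field itself */
    n = get_u32(tok);
    /* Validate before allocating. Without this check the allocation below
     * would be sized by the sender: a 4-byte field can declare up to 4 GiB. */
    if (n > tok_len - 4)
        return -1;
    *name = malloc((size_t)n + 1);
    if (*name == NULL)
        return -1;
    memcpy(*name, tok + 4, n);
    (*name)[n] = '\0';
    return 0;
}

/* Returns 1 if the token parses to the expected name, 0 otherwise. */
int accepts(const unsigned char *tok, size_t len, const char *expect) {
    char *name;
    int ok = parse_name(tok, len, &name) == 0 && strcmp(name, expect) == 0;

    free(name);
    return ok;
}

int main(void) {
    printf("good: %d\n", accepts(GOOD_TOK, sizeof GOOD_TOK, "alice"));
    printf("huge: %d\n", accepts(HUGE_TOK, sizeof HUGE_TOK, "a"));
    return 0;
}
```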
Added to existing glsa request.
This issue was resolved and addressed in GLSA 201405-06 at http://security.gentoo.org/glsa/glsa-201405-06.xml by GLSA coordinator Mikle Kolyada (Zlogene).