Unrated severityNVD Advisory· Published Sep 6, 2005· Updated Apr 16, 2026
CVE-2005-2798
CVE-2005-2798
Description
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
Affected products
32cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*+ 31 more
- cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
25- secunia.com/advisories/16686nvdPatchVendor Advisory
- ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.53/SCOSA-2005.53.txtnvd
- lists.suse.com/archive/suse-security-announce/2006-Feb/0001.htmlnvd
- secunia.com/advisories/17077nvd
- secunia.com/advisories/17245nvd
- secunia.com/advisories/18010nvd
- secunia.com/advisories/18406nvd
- secunia.com/advisories/18507nvd
- secunia.com/advisories/18661nvd
- secunia.com/advisories/18717nvd
- securitytracker.com/idnvd
- support.avaya.com/elmodocs2/security/ASA-2006-016.htmnvd
- support.avaya.com/elmodocs2/security/ASA-2006-033.htmnvd
- www.mandriva.com/security/advisoriesnvd
- www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.htmlnvd
- www.osvdb.org/19141nvd
- www.redhat.com/support/errata/RHSA-2005-527.htmlnvd
- www.securityfocus.com/archive/1/421411/100/0/threadednvd
- www.securityfocus.com/bid/14729nvd
- www.vupen.com/english/advisories/2006/0144nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/24064nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1345nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1566nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9717nvd
- usn.ubuntu.com/209-1/nvd
News mentions
0No linked articles in our index yet.