Red Hat Bugzilla – Bug 214641
CVE-2006-5794 OpenSSH privilege separation flaw
Last modified: 2007-11-30 17:11:48 EST
+++ This bug was initially created as a clone of Bug #214640 +++
OpenSSH has fixed a minor flaw that could allow a remote attacker to bypass
normal authentication mechanisms if a flaw is ever found that allows an attacker
to control the unprivileged process when privilege separation is enabled.
This flaw is not exploitable by itself. It requires a flaw which allows the
attacker to control the unprivileged process while privilege seperation is enabled.
This issue also affects FC5
openssh-4.3p2-10.0.fc6 has been pushed for fc6, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.