SB2025080806 - Multiple vulnerabilities in IBM i 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025080806

SB2025080806 - Multiple vulnerabilities in IBM i

Published: August 8, 2025

Security Bulletin ID SB2025080806
Severity
Critical
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 33% Medium 33% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2024-39894)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due a logic error in ObscureKeystrokeTiming implementation within the ssh client. A local user with ability to passively observe SSH sessions can recover sensitive input, such as password for the su or sudo programs.


2) Input validation error (CVE-ID: CVE-2025-26466)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input related to SSH2_MSG_PING handling in sshd(8). A remote attacker can send specially crafted packets to the server and perform a denial of service (DoS) attack.


3) Race condition (CVE-ID: CVE-2006-5051)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a race condition in sshd when GSSAPI authentication is enabled. A remote attacker can send specially crafted requests to the daemon, trigger a race condition and execute arbitrary code on the system.


Remediation

Install update from vendor's website.

References