The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier,
when gssapi-with-mic authentication is enabled, allows remote authenticated
users to cause a denial of service (memory consumption) via a large value in a
certain length field. NOTE: there may be limited scenarios in which this issue
CVSS2 Base Score 3.5
This was fixed in samba-3.6.23-25.el6_7.x86_64 and later.
Apply Unitrends security update v10.29 from 07/27/2018 or later, containing samba-3.6.23-45.el6_9.x86_64