CVE-2006-5052
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
Date published : 2006-09-27
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html