Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0814

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2012-0814
Last Modified 16 Feb 2012 12:00:00
Published 27 Jan 2012 02:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-0814

Summary

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.

Vulnerable Systems

Application

  • Openbsd Openssh 1.2

  • Openbsd Openssh 1.2.1

  • Openbsd Openssh 1.2.2

  • Openbsd Openssh 1.2.27

  • Openbsd Openssh 1.2.3

  • Openbsd Openssh 1.3

  • Openbsd Openssh 1.5

  • Openbsd Openssh 1.5.7

  • Openbsd Openssh 1.5.8

  • Openbsd Openssh 2

  • Openbsd Openssh 2.1

  • Openbsd Openssh 2.1.1

  • Openbsd Openssh 2.2

  • Openbsd Openssh 2.3

  • Openbsd Openssh 2.3.1

  • Openbsd Openssh 2.5

  • Openbsd Openssh 2.5.1

  • Openbsd Openssh 2.5.2

  • Openbsd Openssh 2.9

  • Openbsd Openssh 2.9.9

  • Openbsd Openssh 2.9.9p2

  • Openbsd Openssh 2.9p1

  • Openbsd Openssh 2.9p2

  • Openbsd Openssh 3.0

  • Openbsd Openssh 3.0.1

  • Openbsd Openssh 3.0.1p1

  • Openbsd Openssh 3.0.2

  • Openbsd Openssh 3.0.2p1

  • Openbsd Openssh 3.0p1

  • Openbsd Openssh 3.1

  • Openbsd Openssh 3.1p1

  • Openbsd Openssh 3.2

  • Openbsd Openssh 3.2.2

  • Openbsd Openssh 3.2.2p1

  • Openbsd Openssh 3.2.3p1

  • Openbsd Openssh 3.3

  • Openbsd Openssh 3.3p1

  • Openbsd Openssh 3.4

  • Openbsd Openssh 3.4p1

  • Openbsd Openssh 3.5

  • Openbsd Openssh 3.5p1

  • Openbsd Openssh 3.6

  • Openbsd Openssh 3.6.1

  • Openbsd Openssh 3.6.1p1

  • Openbsd Openssh 3.6.1p2

  • Openbsd Openssh 3.7

  • Openbsd Openssh 3.7.1

  • Openbsd Openssh 3.7.1p1

  • Openbsd Openssh 3.7.1p2

  • Openbsd Openssh 3.8

  • Openbsd Openssh 3.8.1

  • Openbsd Openssh 3.8.1p1

  • Openbsd Openssh 3.9

  • Openbsd Openssh 3.9.1

  • Openbsd Openssh 3.9.1p1

  • Openbsd Openssh 4.0

  • Openbsd Openssh 4.0p1

  • Openbsd Openssh 4.1

  • Openbsd Openssh 4.1p1

  • Openbsd Openssh 4.2

  • Openbsd Openssh 4.2p1

  • Openbsd Openssh 4.3

  • Openbsd Openssh 4.3p1

  • Openbsd Openssh 4.3p2

  • Openbsd Openssh 4.4

  • Openbsd Openssh 4.4p1

  • Openbsd Openssh 4.5

  • Openbsd Openssh 4.6

  • Openbsd Openssh 4.7

  • Openbsd Openssh 4.8

  • Openbsd Openssh 4.9

  • Openbsd Openssh 5.0

  • Openbsd Openssh 5.1

  • Openbsd Openssh 5.2

  • Openbsd Openssh 5.3

  • Openbsd Openssh 5.4

  • Openbsd Openssh 5.5

  • Openbsd Openssh 5.6


References

CONFIRM - http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53;r2=1.54

CONFIRM - http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c

MLIST - [oss-security] 20120127 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients

MLIST - [oss-security] 20120126 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients

MLIST - [oss-security] 20120126 CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445

BID - 51702

OSVDB - 78706

XF - opensshserver-commands-info-disc(72756)

Related Patches

Novell SUSE 2012:6672 openssh security update for SLE 11 SP1 i586

Novell SUSE 2012:6672 openssh security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8248 openssh security update for SLE 10 SP4 i586

Novell SUSE 2012:8248 openssh security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:58:07