CVE-2011-4327

Published: 03 February 2014

ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.

Priority

Medium

Status

Package Release Status
openssh
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code not present)