CVE-2011-4327
Published: 3 February 2014
ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.
Notes
Author | Note |
---|---|
tyhicks | Per OpenSSH, platforms with /dev/random are not affected. |
Priority
Status
Package | Release | Status |
---|---|---|
openssh Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
(code not present)
|
lucid |
Not vulnerable
(code not present)
|
|
maverick |
Not vulnerable
(code not present)
|
|
natty |
Not vulnerable
(code not present)
|
|
oneiric |
Not vulnerable
(code not present)
|
|
upstream |
Not vulnerable
(code not present)
|