CVE-2012-0814
Published: 27 January 2012
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openssh Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
(verified through testing)
|
| lucid |
Not vulnerable
(verified through testing)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Not vulnerable
(5.8p1-1ubuntu3)
|
|
| oneiric |
Not vulnerable
|
|
| upstream |
Not vulnerable
(5.9p1-2)
|
|
|
Patches: vendor: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53;r2=1.54 |
||