Published: 27/01/2012 Updated: 07/11/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

The auth_parse_options function in auth-options.c in sshd in OpenSSH prior to 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openbsd openssh 5.4
openbsd openssh 2
openbsd openssh 3.8
openbsd openssh 3.8.1p1
openbsd openssh 4.3p2
openbsd openssh 3.2.2
openbsd openssh 3.1
openbsd openssh 5.5
openbsd openssh 3.0.2p1
openbsd openssh 1.5.8
openbsd openssh 5.3
openbsd openssh 4.1
openbsd openssh 3.8.1
openbsd openssh 2.1.1
openbsd openssh 3.7.1p2
openbsd openssh 4.8
openbsd openssh 4.9
openbsd openssh 3.2.3p1
openbsd openssh 3.1p1
openbsd openssh 2.5.1
openbsd openssh 2.9.9p2
openbsd openssh 3.6.1p2
openbsd openssh 3.9
openbsd openssh 3.0
openbsd openssh 1.2.1
openbsd openssh 2.2
openbsd openssh 3.2
openbsd openssh 3.6
openbsd openssh 4.7
openbsd openssh 1.5.7
openbsd openssh 1.2.3
openbsd openssh 3.7
openbsd openssh 4.0p1
openbsd openssh 3.5p1
openbsd openssh 2.3.1
openbsd openssh 3.0.1p1
openbsd openssh 4.4
openbsd openssh 3.7.1p1
openbsd openssh 2.1
openbsd openssh 1.2
openbsd openssh 5.2
openbsd openssh 3.3
openbsd openssh 3.2.2p1
openbsd openssh 3.9.1p1
openbsd openssh 3.0.2
openbsd openssh 3.4p1
openbsd openssh 3.6.1p1
openbsd openssh 3.0.1
openbsd openssh 2.9.9
openbsd openssh 3.6.1
openbsd openssh 4.1p1
openbsd openssh 1.2.2
openbsd openssh 4.2p1
openbsd openssh 4.5
openbsd openssh 2.9p1
openbsd openssh 2.9
openbsd openssh 3.7.1
openbsd openssh
openbsd openssh 1.2.27
openbsd openssh 4.2
openbsd openssh 2.5.2
openbsd openssh 2.3
openbsd openssh 3.4
openbsd openssh 4.4p1
openbsd openssh 4.3p1
openbsd openssh 3.5
openbsd openssh 2.5
openbsd openssh 5.1
openbsd openssh 3.0p1
openbsd openssh 3.3p1
openbsd openssh 4.3
openbsd openssh 4.0
openbsd openssh 3.9.1
openbsd openssh 5.0
openbsd openssh 1.3
openbsd openssh 2.9p2
openbsd openssh 1.5
openbsd openssh 4.6

Debian Bug report logs - #657445 openssh-server: Forced Command handling leaks private information to ssh clients Package: openssh-server; Maintainer for openssh-server is Debian OpenSSH Maintainers <debian-ssh@listsdebianorg>; Source for openssh-server is src:openssh (PTS, buildd, popcon) Affects: gitolite Reported by: Bjo ...

Домашнее задание к занятию "Уязвимости и атаки на информационные системы" - Макаров Денис Инструкция по выполнению домашнего задания Сделайте fork данного репозитория к себе в Github и переименуйте его по н

CWE-255 http://openwall.com/lists/oss-security/2012/01/27/4 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c http://openwall.com/lists/oss-security/2012/01/26/16 http://openwall.com/lists/oss-security/2012/01/26/15 http://openwall.com/lists/oss-security/2012/01/27/1 http://osvdb.org/78706 http://www.securityfocus.com/bid/51702 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 https://exchange.xforce.ibmcloud.com/vulnerabilities/72756 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3Br2=1.54 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445 https://nvd.nist.gov

CVE-2012-0814

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect