CVE-2012-5536

Published: 22/02/2013 | Updated: 22/04/2019
CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9
VMScore: 552
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo.

Vulnerable Product

redhat enterprise linux 6.0

fedora project fedora release rawhide -

Vendor Advisories

Synopsis: Moderate: openssh security, bug fix and enhancement update

Type/Severity: Security Advisory: Moderate

Topic: Updated openssh packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated t ...

Due to the way the pam_ssh_agent_auth PAM module was built, the glibc's error() function was called rather than the intended error() function in pam_ssh_agent_auth to report errors. As these two functions expect different arguments, it was possible for an attacker to cause an application using pam_ssh_agent_auth to crash, disclose portions of its m ...