CVE-2012-0814
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2012-0814
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2012-0814.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2012-0814
- Published
- 2012-01-27T19:55:01Z
- Modified
- 2024-11-21T01:35:46Z
- Summary
- [none]
- Details
-
The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorizedkeys file in its own home directory.
- References
-
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
- http://openwall.com/lists/oss-security/2012/01/26/15
- http://openwall.com/lists/oss-security/2012/01/26/16
- http://openwall.com/lists/oss-security/2012/01/27/1
- http://openwall.com/lists/oss-security/2012/01/27/4
- http://osvdb.org/78706
- http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c
- http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3Br2=1.54
- http://www.securityfocus.com/bid/51702
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72756
- https://security-tracker.debian.org/tracker/CVE-2012-0814
Affected packages
Debian:11 / openssh
Package
- Name
- openssh
- Purl
- pkg:deb/debian/openssh?arch=source
Debian:12 / openssh
Package
- Name
- openssh
- Purl
- pkg:deb/debian/openssh?arch=source
Debian:13 / openssh
Package
- Name
- openssh
- Purl
- pkg:deb/debian/openssh?arch=source