CVE-2012-0814

Severity

35%

Complexity

68%

Confidentiality

48%

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.

CVSS 2.0 Base Score 3.5. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N).

Overview

Type

OpenBSD

First reported 13 years ago

2012-01-27 19:55:00

Last updated 7 years ago

2017-08-29 01:31:00

Affected Software

OpenBSD OpenSSH 1.2

1.2

OpenBSD OpenSSH 1.2.1

1.2.1

OpenBSD OpenSSH 1.2.2

1.2.2

OpenBSD OpenSSH 1.2.3

1.2.3

OpenBSD OpenSSH 1.2.27

1.2.27

OpenBSD OpenSSH 1.3

1.3

OpenBSD OpenSSH 1.5

1.5

OpenBSD OpenSSH 1.5.7

1.5.7

OpenBSD OpenSSH 1.5.8

1.5.8

OpenBSD OpenSSH 2

2

OpenBSD OpenSSH 2.1

2.1

OpenBSD OpenSSH 2.1.1

2.1.1

OpenBSD OpenSSH 2.2

2.2

OpenBSD OpenSSH 2.3

2.3

OpenBSD OpenSSH 2.3.1

2.3.1

OpenBSD OpenSSH 2.5

2.5

OpenBSD OpenSSH 2.5.1

2.5.1

OpenBSD OpenSSH 2.5.2

2.5.2

OpenBSD OpenSSH 2.9

2.9

OpenBSD OpenSSH 2.9.9

2.9.9

OpenBSD OpenSSH 2.9.9 p2

2.9.9p2

OpenBSD OpenSSH 2.9 p1

2.9p1

OpenBSD OpenSSH 2.9 p2

2.9p2

OpenBSD OpenSSH 3.0

3.0

OpenBSD OpenSSH 3.0.1

3.0.1

OpenBSD OpenSSH 3.0.1 p1

3.0.1p1

OpenBSD OpenSSH 3.0.2

3.0.2

OpenBSD OpenSSH 3.0.2p1

3.0.2p1

OpenBSD OpenSSH 3.0 p1

3.0p1

OpenBSD OpenSSH 3.1

3.1

OpenBSD OpenSSH 3.1 p1

3.1p1

OpenBSD OpenSSH 3.2

3.2

OpenBSD OpenSSH 3.2.2

3.2.2

OpenBSD OpenSSH 3.2.2 p1

3.2.2p1

OpenBSD OpenSSH 3.2.3 p1

3.2.3p1

OpenBSD OpenSSH 3.3

3.3

OpenBSD OpenSSH 3.3 p1

3.3p1

OpenBSD OpenSSH 3.4

3.4

OpenBSD OpenSSH 3.4 p1

3.4p1

OpenBSD OpenSSH 3.5

3.5

OpenBSD OpenSSH 3.5 p1

3.5p1

OpenBSD OpenSSH 3.6

3.6

OpenBSD OpenSSH 3.6.1

3.6.1

OpenBSD OpenSSH 3.6.1 p1

3.6.1p1

OpenBSD OpenSSH 3.6.1 p2

3.6.1p2

OpenBSD OpenSSH 3.7

3.7

OpenBSD OpenSSH 3.7.1

3.7.1

OpenBSD OpenSSH 3.7.1 p1

3.7.1p1

OpenBSD OpenSSH 3.7.1 p2

3.7.1p2

OpenBSD OpenSSH 3.8

3.8

OpenBSD OpenSSH 3.8.1

3.8.1

OpenBSD OpenSSH 3.8.1 p1

3.8.1p1

OpenBSD OpenSSH 3.9

3.9

OpenBSD OpenSSH 3.9.1

3.9.1

OpenBSD OpenSSH 3.9.1 p1

3.9.1p1

OpenBSD OpenSSH 4.0

4.0

OpenBSD OpenSSH Portable 4.0.p1

4.0p1

OpenBSD OpenSSH 4.1

4.1

OpenBSD OpenSSH Portable 4.1.p1

4.1p1

OpenBSD OpenSSH 4.2

4.2

OpenBSD OpenSSH Portable 4.2.p1

4.2p1

OpenBSD OpenSSH 4.3

4.3

OpenBSD OpenSSH Portable 4.3.p1

4.3p1

OpenBSD OpenSSH Portable 4.3.p2

4.3p2

OpenBSD OpenSSH 4.4

4.4

OpenBSD OpenSSH Portable 4.4.p1

4.4p1

OpenBSD OpenSSH 4.5

4.5

OpenBSD OpenSSH 4.6

4.6

OpenBSD OpenSSH 4.7

4.7

OpenBSD OpenSSH 4.8

4.8

OpenBSD OpenSSH 4.9

4.9

OpenBSD OpenSSH 5.0

5.0

OpenBSD OpenSSH 5.1

5.1

OpenBSD OpenSSH 5.2

5.2

OpenBSD OpenSSH 5.3

5.3

OpenBSD OpenSSH 5.4

5.4

OpenBSD OpenSSH 5.5

5.5

OpenBSD OpenSSH

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

[oss-security] 20120126 CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients

[oss-security] 20120126 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients

[oss-security] 20120126 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients

[oss-security] 20120127 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients

78706

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53;r2=1.54

51702

opensshserver-commands-info-disc(72756)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.