Lucene search

[email protected]NVD:CVE-2012-0814

HistoryJan 27, 2012 - 7:55 p.m.

CVE-2012-0814

2012-01-2719:55:01

CWE-255

[email protected]

web.nvd.nist.gov

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

JSON

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.

Affected configurations

NVD

Node

openbsdopensshRange≤5.6

openbsdopensshMatch1.2

openbsdopensshMatch1.2.1

openbsdopensshMatch1.2.2

openbsdopensshMatch1.2.3

openbsdopensshMatch1.2.27

openbsdopensshMatch1.3

openbsdopensshMatch1.5

openbsdopensshMatch1.5.7

openbsdopensshMatch1.5.8

openbsdopensshMatch2

openbsdopensshMatch2.1

openbsdopensshMatch2.1.1

openbsdopensshMatch2.2

openbsdopensshMatch2.3

openbsdopensshMatch2.3.1

openbsdopensshMatch2.5

openbsdopensshMatch2.5.1

openbsdopensshMatch2.5.2

openbsdopensshMatch2.9

openbsdopensshMatch2.9.9

openbsdopensshMatch2.9.9p2

openbsdopensshMatch2.9p1

openbsdopensshMatch2.9p2

openbsdopensshMatch3.0

openbsdopensshMatch3.0.1

openbsdopensshMatch3.0.1p1

openbsdopensshMatch3.0.2

openbsdopensshMatch3.0.2p1

openbsdopensshMatch3.0p1

openbsdopensshMatch3.1

openbsdopensshMatch3.1p1

openbsdopensshMatch3.2

openbsdopensshMatch3.2.2

openbsdopensshMatch3.2.2p1

openbsdopensshMatch3.2.3p1

openbsdopensshMatch3.3

openbsdopensshMatch3.3p1

openbsdopensshMatch3.4

openbsdopensshMatch3.4p1

openbsdopensshMatch3.5

openbsdopensshMatch3.5p1

openbsdopensshMatch3.6

openbsdopensshMatch3.6.1

openbsdopensshMatch3.6.1p1

openbsdopensshMatch3.6.1p2

openbsdopensshMatch3.7

openbsdopensshMatch3.7.1

openbsdopensshMatch3.7.1p1

openbsdopensshMatch3.7.1p2

openbsdopensshMatch3.8

openbsdopensshMatch3.8.1

openbsdopensshMatch3.8.1p1

openbsdopensshMatch3.9

openbsdopensshMatch3.9.1

openbsdopensshMatch3.9.1p1

openbsdopensshMatch4.0

openbsdopensshMatch4.0p1

openbsdopensshMatch4.1

openbsdopensshMatch4.1p1

openbsdopensshMatch4.2

openbsdopensshMatch4.2p1

openbsdopensshMatch4.3

openbsdopensshMatch4.3p1

openbsdopensshMatch4.3p2

openbsdopensshMatch4.4

openbsdopensshMatch4.4p1

openbsdopensshMatch4.5

openbsdopensshMatch4.6

openbsdopensshMatch4.7

openbsdopensshMatch4.8

openbsdopensshMatch4.9

openbsdopensshMatch5.0

openbsdopensshMatch5.1

openbsdopensshMatch5.2

openbsdopensshMatch5.3

openbsdopensshMatch5.4

openbsdopensshMatch5.5

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445

kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

openwall.com/lists/oss-security/2012/01/26/15

openwall.com/lists/oss-security/2012/01/26/16

openwall.com/lists/oss-security/2012/01/27/1

openwall.com/lists/oss-security/2012/01/27/4

osvdb.org/78706

www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c

www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3Br2=1.54

www.securityfocus.com/bid/51702

exchange.xforce.ibmcloud.com/vulnerabilities/72756

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

JSON

Related for NVD:CVE-2012-0814

cvelist1 f52 openvas4 prion1 hackerone1 debiancve1 ubuntucve1 cve1 securityvulns3 nessus6 ibm1 gentoo1 rosalinux1