Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-0814

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.

Published

2012-01-27T19:55:01.063

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.5 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-255

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openbsd	openssh	≤ 5.6	Yes
Application	openbsd	openssh	1.2	Yes
Application	openbsd	openssh	1.2.1	Yes
Application	openbsd	openssh	1.2.2	Yes
Application	openbsd	openssh	1.2.3	Yes
Application	openbsd	openssh	1.2.27	Yes
Application	openbsd	openssh	1.3	Yes
Application	openbsd	openssh	1.5	Yes
Application	openbsd	openssh	1.5.7	Yes
Application	openbsd	openssh	1.5.8	Yes
Application	openbsd	openssh	2	Yes
Application	openbsd	openssh	2.1	Yes
Application	openbsd	openssh	2.1.1	Yes
Application	openbsd	openssh	2.2	Yes
Application	openbsd	openssh	2.3	Yes
Application	openbsd	openssh	2.3.1	Yes
Application	openbsd	openssh	2.5	Yes
Application	openbsd	openssh	2.5.1	Yes
Application	openbsd	openssh	2.5.2	Yes
Application	openbsd	openssh	2.9	Yes
Application	openbsd	openssh	2.9.9	Yes
Application	openbsd	openssh	2.9.9p2	Yes
Application	openbsd	openssh	2.9p1	Yes
Application	openbsd	openssh	2.9p2	Yes
Application	openbsd	openssh	3.0	Yes
Application	openbsd	openssh	3.0.1	Yes
Application	openbsd	openssh	3.0.1p1	Yes
Application	openbsd	openssh	3.0.2	Yes
Application	openbsd	openssh	3.0.2p1	Yes
Application	openbsd	openssh	3.0p1	Yes
Application	openbsd	openssh	3.1	Yes
Application	openbsd	openssh	3.1p1	Yes
Application	openbsd	openssh	3.2	Yes
Application	openbsd	openssh	3.2.2	Yes
Application	openbsd	openssh	3.2.2p1	Yes
Application	openbsd	openssh	3.2.3p1	Yes
Application	openbsd	openssh	3.3	Yes
Application	openbsd	openssh	3.3p1	Yes
Application	openbsd	openssh	3.4	Yes
Application	openbsd	openssh	3.4p1	Yes
Application	openbsd	openssh	3.5	Yes
Application	openbsd	openssh	3.5p1	Yes
Application	openbsd	openssh	3.6	Yes
Application	openbsd	openssh	3.6.1	Yes
Application	openbsd	openssh	3.6.1p1	Yes
Application	openbsd	openssh	3.6.1p2	Yes
Application	openbsd	openssh	3.7	Yes
Application	openbsd	openssh	3.7.1	Yes
Application	openbsd	openssh	3.7.1p1	Yes
Application	openbsd	openssh	3.7.1p2	Yes
Application	openbsd	openssh	3.8	Yes
Application	openbsd	openssh	3.8.1	Yes
Application	openbsd	openssh	3.8.1p1	Yes
Application	openbsd	openssh	3.9	Yes
Application	openbsd	openssh	3.9.1	Yes
Application	openbsd	openssh	3.9.1p1	Yes
Application	openbsd	openssh	4.0	Yes
Application	openbsd	openssh	4.0p1	Yes
Application	openbsd	openssh	4.1	Yes
Application	openbsd	openssh	4.1p1	Yes
Application	openbsd	openssh	4.2	Yes
Application	openbsd	openssh	4.2p1	Yes
Application	openbsd	openssh	4.3	Yes
Application	openbsd	openssh	4.3p1	Yes
Application	openbsd	openssh	4.3p2	Yes
Application	openbsd	openssh	4.4	Yes
Application	openbsd	openssh	4.4p1	Yes
Application	openbsd	openssh	4.5	Yes
Application	openbsd	openssh	4.6	Yes
Application	openbsd	openssh	4.7	Yes
Application	openbsd	openssh	4.8	Yes
Application	openbsd	openssh	4.9	Yes
Application	openbsd	openssh	5.0	Yes
Application	openbsd	openssh	5.1	Yes
Application	openbsd	openssh	5.2	Yes
Application	openbsd	openssh	5.3	Yes
Application	openbsd	openssh	5.4	Yes
Application	openbsd	openssh	5.5	Yes

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445 ([email protected])
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 ([email protected])
http://openwall.com/lists/oss-security/2012/01/26/15 ([email protected])
http://openwall.com/lists/oss-security/2012/01/26/16 ([email protected])
http://openwall.com/lists/oss-security/2012/01/27/1 ([email protected])
http://openwall.com/lists/oss-security/2012/01/27/4 ([email protected])
http://osvdb.org/78706 ([email protected])
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c ([email protected])
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3Br2=1.54 ([email protected])
http://www.securityfocus.com/bid/51702 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/72756 ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445 (af854a3a-2127-422b-91ae-364da2661108)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2012/01/26/15 (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2012/01/26/16 (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2012/01/27/1 (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2012/01/27/4 (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/78706 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c (af854a3a-2127-422b-91ae-364da2661108)
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3Br2=1.54 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/51702 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72756 (af854a3a-2127-422b-91ae-364da2661108)