CVE-2011-4327 — Sensitive Information Exposure in Openssh

CWE-200 — Sensitive Information Exposure6 documents6 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 80.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openbsd Openssh
Timeline
PublishedFeb 3
Latest updateMay 17

Description

ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

â–¶NVDopenbsd/openssh5.8+79

🔴Vulnerability Details

2
GHSA
GHSA-9998-pmcc-vpg5: ssh-keysign↗2022-05-17
â–¶
CVEList
CVE-2011-4327: ssh-keysign↗2014-02-03
â–¶

📋Vendor Advisories

2
Red Hat
openssh: Unauthorized local access to host keys on platforms where ssh-rand-helper used↗2011-05-05
â–¶
Debian
CVE-2011-4327: openssh - ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms execut...↗2011
â–¶

💬Community

1
Bugzilla
CVE-2011-4327 openssh: Unauthorized local access to host keys on platforms where ssh-rand-helper used↗2011-11-21
â–¶
CVE-2011-4327 — Sensitive Information Exposure | cvebase