CVE-2012-0814: OpenSSH vulnerability

CWE-255 | 7 documents | 7 sources

Severity: 3.5 LOW (NVD)
EPSS: 0.3% (top 50.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 27 | Latest update May 17

Description

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an author

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 6.8 | Impact: 2.9

Affected Packages (2 packages)

Debian: openbsd/openssh < 1:5.6p1-1 +3
NVD: openbsd/openssh 5.6 +77

🔴 Vulnerability Details (3)

GHSA: GHSA-cc7q-859r-mjj2: The auth_parse_options function in auth-options (2022-05-17)
OSV: CVE-2012-0814: The auth_parse_options function in auth-options (2012-01-27)
CVEList: CVE-2012-0814: The auth_parse_options function in auth-options (2012-01-27)

📋 Vendor Advisories (2)

Red Hat: openssh: forced command option information disclosure (2012-01-26)
Debian: CVE-2012-0814: openssh - The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 ... (2012)

💬 Community (1)

Bugzilla: CVE-2012-0814 openssh: forced command option information disclosure (2012-01-27)