CVE-2012-0814
published 2012-01-27CVE-2012-0814: The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which…
PriorityP434medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
3.67%
88.3th percentile
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
Affected
83 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:5.6p1-1 (bookworm) | openssh 1:5.6p1-1 (bookworm) |
| openbsd | openssh | <= 5.6 | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:P/I:N/A:N
osv3.5LOW
vendor_debian3.5LOW
vendor_redhat3.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cc7q-859r-mjj2: The auth_parse_options function in auth-options
ghsa_unreviewed·2022-05-17
CVE-2012-0814 [LOW] GHSA-cc7q-859r-mjj2: The auth_parse_options function in auth-options
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
OSV
CVE-2012-0814: The auth_parse_options function in auth-options
osv·2012-01-27·CVSS 3.5
CVE-2012-0814 [LOW] CVE-2012-0814: The auth_parse_options function in auth-options
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
Red Hat
openssh: forced command option information disclosure
vendor_redhat·2012-01-26·CVSS 3.5
CVE-2012-0814 [LOW] openssh: forced command option information disclosure
openssh: forced command option information disclosure
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
Statement: This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4 and 5.
On Red Hat Enterprise Linux 6, configured forced commands are returned in the debugging out
Debian
CVE-2012-0814: openssh - The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 ...
vendor_debian·2012·CVSS 3.5
CVE-2012-0814 [LOW] CVE-2012-0814: openssh - The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 ...
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
Scope: local
bookworm: resolved (fixed in 1:5.6p1-1)
bullseye: resolved (fixed in 1:5.6p1-1)
forky: resolved (fixed in 1:5.6p1-1)
sid: resolved (fixed in 1:5.6p1-1)
trixie: resolved (fixed in 1:5.6p1-1)
No detection rules found.
No public exploits indexed.
arXiv
Understanding Internet of Things Malware by Analyzing Endpoints in their Static Artifacts
arxiv_fulltext·2021-03-26
Understanding Internet of Things Malware by Analyzing Endpoints in their Static Artifacts
Understanding Internet of Things Malware by Analyzing Endpoints in their Static Artifacts
Afsah Anwar^1, Jinchun Choi^1,2, Abdulrahman Alabduljabbar^1, Hisham Alasmary^1,3,
Jeffrey Spaulding^4, An Wang^5, Songqing Chen^6, DaeHun Nyang^7, Amro Awad^8, and David Mohaisen^1
^1 University of Central Florida
2mm^2 Texas A&M University 2mm^3 King Khalid University 2mm^4 Canisius College
2mm^5 Case Western Reserve University
2mm^6 GMU 2mm^7 Ewha Womans University 2mm^8 NCSU
## Abstract
The lack of security measures among the Internet of Things (IoT) devices and their persistent online connection gives adversaries a prime opportunity to target them or even abuse them as intermediary targets in larger attacks such as distributed denial-of-service (DDoS) campaigns. In this paper, we analyze IoT m
HackerOne
openssh-server Forced Command Handling Information Disclosure Vulnerability on blog.greenhouse.io
hackerone·2014-10-10·CVSS 3.5
[LOW] openssh-server Forced Command Handling Information Disclosure Vulnerability on blog.greenhouse.io
openssh-server Forced Command Handling Information Disclosure Vulnerability on blog.greenhouse.io
Summary of the issue:
The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing
authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information
by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross
privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may
have no supported way to read an authorized_keys file in its own home directory.
OpenSSH before 5.7 is affected.
Attack details..:
According to its banner, the version of OpenSSH installed on the remote
host
Bugzilla
CVE-2012-0814 openssh: forced command option information disclosure
bugzilla·2012-01-27·CVSS 3.5
CVE-2012-0814 [LOW] CVE-2012-0814 openssh: forced command option information disclosure
CVE-2012-0814 openssh: forced command option information disclosure
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-0814 to
the following vulnerability:
Name: CVE-2012-0814
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0814
Assigned: 20120119
Reference: http://openwall.com/lists/oss-security/2012/01/26/15
Reference: http://openwall.com/lists/oss-security/2012/01/27/1
Reference: http://openwall.com/lists/oss-security/2012/01/26/16
Reference: http://openwall.com/lists/oss-security/2012/01/27/4
Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445
Reference: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c
Reference: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53;r2=1.54
The auth_parse_op
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673http://openwall.com/lists/oss-security/2012/01/26/15http://openwall.com/lists/oss-security/2012/01/26/16http://openwall.com/lists/oss-security/2012/01/27/1http://openwall.com/lists/oss-security/2012/01/27/4http://osvdb.org/78706http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.chttp://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3Br2=1.54http://www.securityfocus.com/bid/51702https://exchange.xforce.ibmcloud.com/vulnerabilities/72756http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673http://openwall.com/lists/oss-security/2012/01/26/15http://openwall.com/lists/oss-security/2012/01/26/16http://openwall.com/lists/oss-security/2012/01/27/1http://openwall.com/lists/oss-security/2012/01/27/4http://osvdb.org/78706http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.chttp://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3Br2=1.54http://www.securityfocus.com/bid/51702https://exchange.xforce.ibmcloud.com/vulnerabilities/72756
2012-01-27
Published