CVE-2012-0814 : The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing autho

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.

Published 2012-01-27 19:55:01

Updated 2023-02-13 03:26:11

Source Red Hat, Inc.

View at NVD, CVE.org

Threat overview for CVE-2012-0814

Top countries where our scanners detected CVE-2012-0814

Top open port discovered on systems with this issue 22

IPs affected by CVE-2012-0814 1,749,561

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2012-0814!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2012-0814

Probability of exploitation activity in the next 30 days: 0.29%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-0814

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:P/I:N/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-0814

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-0814

http://openwall.com/lists/oss-security/2012/01/27/4

oss-security - Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients
http://openwall.com/lists/oss-security/2012/01/26/15

oss-security - CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c

CVS log for src/usr.bin/ssh/auth-options.c
https://exchange.xforce.ibmcloud.com/vulnerabilities/72756

Debian openssh-server commands information disclosure CVE-2012-0814 Vulnerability Report
http://openwall.com/lists/oss-security/2012/01/26/16

oss-security - Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445

#657445 - openssh-server: Forced Command handling leaks private information to ssh clients - Debian Bug report logs
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

Juniper Networks - 2015-04 Security Bulletin: IDP: Multiple vulnerabilities addressed by third party software updates.

CVEs referencing this url
http://openwall.com/lists/oss-security/2012/01/27/1

oss-security - Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53%3Br2=1.54

410 Gone
http://www.securityfocus.com/bid/51702

Debian openssh-server Forced Command Handling Information Disclosure Vulnerability

Products affected by CVE-2012-0814