CVE-2012-0814

 

Severity Score: 3.5 (*CVSS v2)
Exploit Likelihood: (*EPSS)
Affected Versions: (*CPE)
Public Exploits: 0 (*Multiple Sources)
Exploited in Wild: - (*KEV)
Decision: - (*SSVC)

Descriptions

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.


*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2012-01-19 CVE Reserved
  • 2012-01-27 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-12 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-255: Credentials Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Openbsd | Openssh | <= 5.6 | - | Affected
Openbsd | Openssh | 1.2 | - | Affected
Openbsd | Openssh | 1.2.1 | - | Affected
Openbsd | Openssh | 1.2.2 | - | Affected
Openbsd | Openssh | 1.2.3 | - | Affected
Openbsd | Openssh | 1.2.27 | - | Affected
Openbsd | Openssh | 1.3 | - | Affected
Openbsd | Openssh | 1.5 | - | Affected
Openbsd | Openssh | 1.5.7 | - | Affected
Openbsd | Openssh | 1.5.8 | - | Affected
Openbsd | Openssh | 2 | - | Affected
Openbsd | Openssh | 2.1 | - | Affected
Openbsd | Openssh | 2.1.1 | - | Affected
Openbsd | Openssh | 2.2 | - | Affected
Openbsd | Openssh | 2.3 | - | Affected
Openbsd | Openssh | 2.3.1 | - | Affected
Openbsd | Openssh | 2.5 | - | Affected
Openbsd | Openssh | 2.5.1 | - | Affected
Openbsd | Openssh | 2.5.2 | - | Affected
Openbsd | Openssh | 2.9 | - | Affected
Openbsd | Openssh | 2.9.9 | - | Affected
Openbsd | Openssh | 2.9.9p2 | - | Affected
Openbsd | Openssh | 2.9p1 | - | Affected
Openbsd | Openssh | 2.9p2 | - | Affected
Openbsd | Openssh | 3.0 | - | Affected
Openbsd | Openssh | 3.0.1 | - | Affected
Openbsd | Openssh | 3.0.1p1 | - | Affected
Openbsd | Openssh | 3.0.2 | - | Affected
Openbsd | Openssh | 3.0.2p1 | - | Affected
Openbsd | Openssh | 3.0p1 | - | Affected
Openbsd | Openssh | 3.1 | - | Affected
Openbsd | Openssh | 3.1p1 | - | Affected
Openbsd | Openssh | 3.2 | - | Affected
Openbsd | Openssh | 3.2.2 | - | Affected
Openbsd | Openssh | 3.2.2p1 | - | Affected
Openbsd | Openssh | 3.2.3p1 | - | Affected
Openbsd | Openssh | 3.3 | - | Affected
Openbsd | Openssh | 3.3p1 | - | Affected
Openbsd | Openssh | 3.4 | - | Affected
Openbsd | Openssh | 3.4p1 | - | Affected
Openbsd | Openssh | 3.5 | - | Affected
Openbsd | Openssh | 3.5p1 | - | Affected
Openbsd | Openssh | 3.6 | - | Affected
Openbsd | Openssh | 3.6.1 | - | Affected
Openbsd | Openssh | 3.6.1p1 | - | Affected
Openbsd | Openssh | 3.6.1p2 | - | Affected
Openbsd | Openssh | 3.7 | - | Affected
Openbsd | Openssh | 3.7.1 | - | Affected
Openbsd | Openssh | 3.7.1p1 | - | Affected
Openbsd | Openssh | 3.7.1p2 | - | Affected
Openbsd | Openssh | 3.8 | - | Affected
Openbsd | Openssh | 3.8.1 | - | Affected
Openbsd | Openssh | 3.8.1p1 | - | Affected
Openbsd | Openssh | 3.9 | - | Affected
Openbsd | Openssh | 3.9.1 | - | Affected
Openbsd | Openssh | 3.9.1p1 | - | Affected
Openbsd | Openssh | 4.0 | - | Affected
Openbsd | Openssh | 4.0p1 | - | Affected
Openbsd | Openssh | 4.1 | - | Affected
Openbsd | Openssh | 4.1p1 | - | Affected
Openbsd | Openssh | 4.2 | - | Affected
Openbsd | Openssh | 4.2p1 | - | Affected
Openbsd | Openssh | 4.3 | - | Affected
Openbsd | Openssh | 4.3p1 | - | Affected
Openbsd | Openssh | 4.3p2 | - | Affected
Openbsd | Openssh | 4.4 | - | Affected
Openbsd | Openssh | 4.4p1 | - | Affected
Openbsd | Openssh | 4.5 | - | Affected
Openbsd | Openssh | 4.6 | - | Affected
Openbsd | Openssh | 4.7 | - | Affected
Openbsd | Openssh | 4.8 | - | Affected
Openbsd | Openssh | 4.9 | - | Affected
Openbsd | Openssh | 5.0 | - | Affected
Openbsd | Openssh | 5.1 | - | Affected
Openbsd | Openssh | 5.2 | - | Affected
Openbsd | Openssh | 5.3 | - | Affected
Openbsd | Openssh | 5.4 | - | Affected
Openbsd | Openssh | 5.5 | - | Affected