Bug 419357 (CVE-2012-0814) - <net-misc/openssh-5.8_p1-r1 : information leak (CVE-2012-0814)
Alias: CVE-2012-0814
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: A4 [glsa]
Depends on:
Reported: 2012-06-02 14:22 UTC by GLSAMaker/CVETool Bot
Modified: 2014-05-11 13:56 UTC

Description GLSAMaker/CVETool Bot gentoo-dev 2012-06-02 14:22:36 UTC
CVE-2012-0814:
  The auth_parse_options function in auth-options.c in sshd in OpenSSH before
  5.7 provides debug messages containing authorized_keys command options,
  which allows remote authenticated users to obtain potentially sensitive
  information by reading these messages, as demonstrated by the shared user
  account required by Gitolite.  NOTE: this can cross privilege boundaries
  because a user account may intentionally have no shell or filesystem access,
  and therefore may have no supported way to read an authorized_keys file in
  its own home directory.

Please punt vulnerable versions.
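
An added example, not part of the bug report or of OpenSSH: a small audit that lists the authorized_keys options carrying values, which are the entries an administrator would want to review on a shared account running an affected sshd. The sample file, its paths and names, and the assumption that only protocol-2 key types appear are constructed for illustration.

```python
import re

# Assumption: protocol-2 keys only; a line that starts with a key type has no options.
KEY_TYPE = re.compile(r"(ssh-|ecdsa-|sk-)")

def parse_line(line):
    """Return the options of one authorized_keys line as (name, value) pairs."""
    line = line.strip()
    if not line or line.startswith("#") or KEY_TYPE.match(line):
        return []
    opts, cur, in_quotes, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if in_quotes and c == "\\" and line[i + 1:i + 2] == '"':
            cur += '"'          # \" inside a quoted value is a literal quote
            i += 2
            continue
        if c == '"':
            in_quotes = not in_quotes
        elif c == "," and not in_quotes:
            opts.append(cur)
            cur = ""
        elif c in " \t" and not in_quotes:
            break               # unquoted whitespace ends the options field
        else:
            cur += c
        i += 1
    opts.append(cur)
    return [tuple(o.split("=", 1)) if "=" in o else (o, None) for o in opts]

def audit(text):
    """List (line_number, option, value) for every option that carries a value."""
    return [(n, name, value)
            for n, line in enumerate(text.splitlines(), 1)
            for name, value in parse_line(line) if value is not None]

# Constructed sample; paths, names and key material are placeholders.
SAMPLE = r'''# shared git account
command="/usr/local/bin/gl-auth-command alice",no-port-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2E= alice@example
environment="DEPLOY_TOKEN=s3cret,x",from="10.0.0.*" ssh-rsa AAAAB3NzaC1yc2E= bob@example
ssh-rsa AAAAB3NzaC1yc2E= carol@example
'''

if __name__ == "__main__":
    for n, name, value in audit(SAMPLE):
        print(f"line {n}: {name} = {value}")
```
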
Comment 1 SpanKY gentoo-dev 2012-06-02 17:52:28 UTC
openssh-5.9_p1-r4 is already stable
Comment 2 Agostino Sarubbo gentoo-dev 2012-06-02 21:46:10 UTC
(In reply to comment #1)
> openssh-5.9_p1-r4 is already stable

Is it OK to remove from the tree all vulnerable versions before 5.9_p1-r4?
Comment 3 SpanKY gentoo-dev 2012-06-04 16:25:33 UTC
We haven't generally bothered in the past. I don't see why this would be any different.
Comment 4 Agostino Sarubbo gentoo-dev 2012-11-16 17:48:39 UTC
The cleanup has been done.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-05-11 13:56:37 UTC
This issue was resolved and addressed in
 GLSA 201405-06 at
by GLSA coordinator Mikle Kolyada (Zlogene).