The auth_parse_options function in auth-options.c in sshd in OpenSSH before
5.7 provides debug messages containing authorized_keys command options,
which allows remote authenticated users to obtain potentially sensitive
information by reading these messages, as demonstrated by the shared user
account required by Gitolite. NOTE: this can cross privilege boundaries
because a user account may intentionally have no shell or filesystem access,
and therefore may have no supported way to read an authorized_keys file in
its own home directory.
Please punt vulnerable versions.
openssh-5.9_p1-r4 is already stable
(In reply to comment #1)
> openssh-5.9_p1-r4 is already stable
Is ok to remove from the tree all vulnerable version before 5.9_p1-r4?
we haven't generally bothered in the past. i don't see why this would be any different.
the cleanup has been done.
This issue was resolved and addressed in
GLSA 201405-06 at http://security.gentoo.org/glsa/glsa-201405-06.xml
by GLSA coordinator Mikle Kolyada (Zlogene).