Vulnerability Name:

CVE-2011-4327 (CCN-67264)

Assigned:2011-05-03
Published:2011-05-03
Updated:2014-02-21
Summary:ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
1.9 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N)
1.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2011-4327

Source: CCN
Type: SA44347
Portable OpenSSH ssh-keysign File Descriptor Leak Security Issue

Source: CCN
Type: OpenSSH Security Advisory: portable-keysign-rand-helper.adv
OpenSSH

Source: CONFIRM
Type: Vendor Advisory
http://www.openssh.com/txt/portable-keysign-rand-helper.adv

Source: CCN
Type: OpenSSH Web Site
OpenSSH 5.8 has just been released

Source: CCN
Type: OSVDB ID: 72183
Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure

Source: CCN
Type: BID-47691
Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=755640

Source: XF
Type: UNKNOWN
openssh-sshkeysign-unauth-access(67264)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openbsd:openssh:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.7:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.8:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:4.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.7:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:*:*:*:*:*:*:*:* (Version <= 5.8)

    • Configuration CCN 1:
  • cpe:/a:openbsd:openssh:5.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.7:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:5.8:-:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    openbsd openssh 1.2
    openbsd openssh 1.2.1
    openbsd openssh 1.2.2
    openbsd openssh 1.2.3
    openbsd openssh 1.2.27
    openbsd openssh 1.3
    openbsd openssh 1.5
    openbsd openssh 1.5.7
    openbsd openssh 1.5.8
    openbsd openssh 2
    openbsd openssh 2.1
    openbsd openssh 2.1.1
    openbsd openssh 2.2
    openbsd openssh 2.3
    openbsd openssh 2.3.1
    openbsd openssh 2.5
    openbsd openssh 2.5.1
    openbsd openssh 2.5.2
    openbsd openssh 2.9
    openbsd openssh 2.9.9
    openbsd openssh 2.9.9p2
    openbsd openssh 2.9p1
    openbsd openssh 2.9p2
    openbsd openssh 3.0
    openbsd openssh 3.0.1
    openbsd openssh 3.0.1p1
    openbsd openssh 3.0.2
    openbsd openssh 3.0.2p1
    openbsd openssh 3.0p1
    openbsd openssh 3.1
    openbsd openssh 3.1p1
    openbsd openssh 3.2
    openbsd openssh 3.2.2
    openbsd openssh 3.2.2p1
    openbsd openssh 3.2.3p1
    openbsd openssh 3.3
    openbsd openssh 3.3p1
    openbsd openssh 3.4
    openbsd openssh 3.4p1
    openbsd openssh 3.5
    openbsd openssh 3.5p1
    openbsd openssh 3.6
    openbsd openssh 3.6.1
    openbsd openssh 3.6.1p1
    openbsd openssh 3.6.1p2
    openbsd openssh 3.7
    openbsd openssh 3.7.1
    openbsd openssh 3.7.1p1
    openbsd openssh 3.7.1p2
    openbsd openssh 3.8
    openbsd openssh 3.8.1
    openbsd openssh 3.8.1p1
    openbsd openssh 3.9
    openbsd openssh 3.9.1
    openbsd openssh 3.9.1p1
    openbsd openssh 4.0
    openbsd openssh 4.0p1
    openbsd openssh 4.1
    openbsd openssh 4.1p1
    openbsd openssh 4.2
    openbsd openssh 4.2p1
    openbsd openssh 4.3
    openbsd openssh 4.3p1
    openbsd openssh 4.3p2
    openbsd openssh 4.4
    openbsd openssh 4.4p1
    openbsd openssh 4.5
    openbsd openssh 4.6
    openbsd openssh 4.7
    openbsd openssh 4.8
    openbsd openssh 4.9
    openbsd openssh 5.0
    openbsd openssh 5.1
    openbsd openssh 5.2
    openbsd openssh 5.3
    openbsd openssh 5.4
    openbsd openssh 5.5
    openbsd openssh 5.6
    openbsd openssh 5.7
    openbsd openssh *
    openbsd openssh 5.0
    openbsd openssh 5.6
    openbsd openssh 5.5
    openbsd openssh 5.4
    openbsd openssh 5.3
    openbsd openssh 5.2
    openbsd openssh 5.1
    openbsd openssh 5.7
    openbsd openssh 5.8