
CVE-2012-5536

A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo.

Details Source

Mitre

Statement

This issue does not affect the version of openssh as shipped with Red Hat Enterprise Linux 5. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0519.

Public Date

2013-02-21 00:00:00

Impact

Moderate

Bugzilla

CVE-2012-5536 pam_ssh_agent_auth: symbol crash leading to glibc error() called incorrectly

Bugzilla ID

834618

CVSS Status

verified

Base Score

6.20

Base Metrics

AV:L/AC:H/Au:N/C:C/I:C/A:C

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 6 (openssh) | RHSA-2013:0519 | 2013-02-20

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 5 | openssh | Not affected