CVE-2012-5536

Name of the Vulnerable Software and Affected Versions Red Hat Enterprise Linux (RHEL) 6 Fedora Rawhide

Description The issue allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on the pam ssh agent auth module, as demonstrated by su and sudo. This occurs because the pam ssh agent auth module calls the glibc error function instead of the error function in the OpenSSH codebase.

Recommendations For Red Hat Enterprise Linux (RHEL) 6, update the pam ssh agent auth module to use the correct error function from the OpenSSH codebase. For Fedora Rawhide, update the pam ssh agent auth module to use the correct error function from the OpenSSH codebase. As a temporary workaround, consider restricting the use of applications that rely on the pam ssh agent auth module, such as su and sudo, until a patch is available.