PT-2012-1159 · Openssh+2

Marc Deslauriers · Published 2012-01-27 · Updated 2026-05-22 · CVE-2012-0814

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

OpenSSH versions prior to 5.7
OpenSSH versions prior to 6.6 p1-r1

Description

The issue allows remote authenticated users to obtain potentially sensitive information by reading debug messages containing authorized_keys command options. This can cross privilege boundaries, as a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. Multiple vulnerabilities in the OpenSSH package can lead to violations of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations

For OpenSSH versions prior to 5.7, update to version 5.7 or later to resolve the issue. For OpenSSH versions prior to 6.6 p1-r1, update to version 6.6 p1-r1 or later to resolve the issue. As a temporary workaround, consider disabling the auth_parse_options function until a patch is available. Restrict access to sensitive information and authorized_keys files to minimize the risk of exploitation.
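
The command options named in the description live in the options field of each authorized_keys line. The following is an added example, not part of this advisory or of OpenSSH: an audit helper that lists every forced-command string in an authorized_keys file so it can be reviewed for embedded secrets. The function names, sample file, key blobs and token are all constructed for illustration.

```python
import re

# Tokens that start the key field itself; a line beginning with one has no options.
KEY_TYPE = re.compile(r"(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
# Options field: runs of non-space text and quoted strings (\" is an escaped quote).
FIELD = re.compile(r'((?:[^\s"]|"(?:\\"|[^"])*")+)\s+(.*)$')
# One option: name or name="value", followed by a comma or the end of the field.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(?:,|$)')

def parse_line(line):
    """Split one authorized_keys line into (options dict, key part)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return {}, ""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}, line                      # no options before the key type
    m = FIELD.match(line)
    if not m:
        return {}, line                      # malformed line, nothing to report
    opts = {}
    for name, value in OPTION.findall(m.group(1)):
        opts[name.lower()] = value.replace('\\"', '"')
    return opts, m.group(2)

def forced_commands(text):
    """Return (line number, key comment, command string) for each key with command=."""
    found = []
    for n, line in enumerate(text.splitlines(), 1):
        opts, key = parse_line(line)
        if "command" in opts:
            parts = key.split(None, 2)       # key type, key blob, comment
            comment = parts[2] if len(parts) > 2 else ""
            found.append((n, comment, opts["command"]))
    return found

# Constructed sample file; key blobs and the token are placeholders, not real values.
SAMPLE = r'''# deploy account, no shell
command="/usr/local/bin/sync --token=PLACEHOLDER",no-pty ssh-ed25519 AAAAC3EXAMPLE deploy@ci
ssh-rsa AAAAB3EXAMPLE alice@laptop
no-port-forwarding,command="sh -c \"echo a, b\"" ssh-rsa AAAAB3EXAMPLE2 backup job
'''

if __name__ == "__main__":
    for n, comment, cmd in forced_commands(SAMPLE):
        print(f"line {n}: {comment!r} forces {cmd!r}")
```
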

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2015-09678
CVE-2012-0814

Affected Products

Alt Linux
Openssh
Suse