Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.

Synopsis :

Local attackers may be able to access sensitive information.

Description :

According to its banner, the version of OpenSSH running on the remote
host is earlier than 5.8p2. Such versions may be affected by a local
information disclosure vulnerability that could expose the contents of
the host's private key to a local attacker who traces the execution of
the ssh-keysign utility. Possession of the host's private key may allow
impersonation of the host.

Note that installations are only vulnerable if ssh-rand-helper was
enabled during the build process, which is not the case for *BSD, OS
X, Cygwin and Linux.
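
The banner comparison described above can be reproduced when triaging this finding. The following Python is an added example, not the Nessus plugin's own code; the function names, verdict labels and sample banners are constructed for illustration, and treating a banner without a "pN" suffix as a non-portable build is an assumption.

```python
import re

# Fixed release named in the advisory: Portable OpenSSH 5.8p2,
# encoded as (major, minor, patch, portable_level).
FIXED = (5, 8, 0, 2)

# Identification string layout: SSH-<proto>-<software>[ <comments>]
BANNER_RE = re.compile(
    r"SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?"
)


def classify_banner(banner: str) -> str:
    """Return 'not-openssh', 'not-portable', 'candidate' or 'fixed'."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return "not-openssh"
    major, minor, patch, plevel = m.groups()
    if plevel is None:
        # Assumption: no "pN" suffix means a non-portable (OpenBSD) build,
        # which is outside the scope of this Portable OpenSSH advisory.
        return "not-portable"
    version = (int(major), int(minor), int(patch or 0), int(plevel))
    # Tuple comparison orders 5.8p1 < 5.8p2 < 5.9p1 < 6.6.1p1.
    return "candidate" if version < FIXED else "fixed"


def triage(banners):
    """Map each banner to its verdict."""
    return {b: classify_banner(b) for b in banners}


# Constructed sample banners, not taken from any real scan.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu3",
    "SSH-1.99-OpenSSH_3.9p1",
    "SSH-2.0-OpenSSH_5.8p2",
    "SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2",
    "SSH-2.0-OpenSSH_5.8",
    "SSH-2.0-dropbear_2012.55",
]

if __name__ == "__main__":
    for banner, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{verdict:13} {banner}")
```

A "candidate" verdict only means the reported version is earlier than 5.8p2; the banner does not show whether ssh-rand-helper was enabled at build time, so that has to be confirmed on the host itself.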

Solution :

Upgrade to Portable OpenSSH 5.8p2 or later.

Risk factor :

Low / CVSS Base Score : 2.1
CVSS Temporal Score : 1.6
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 53841

Bugtraq ID: 47691

CVE ID: CVE-2011-4327