CVE-2011-4327 openssh: Unauthorized local access to host keys on platforms where ssh-rand-helper used

CVE ID

CVE-2011-4327

DESCRIPTION

ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.

RESOLUTION

  • CentOS6 Unitrends' appliances (physical and/or virtual) are not affected by this CVE.

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us