|Summary:||CVE-2011-4327 openssh: Unauthorized local access to host keys on platforms where ssh-rand-helper used|
|Product:||[Other] Security Response||Reporter:||Jan Lieskovsky <jlieskov>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED NOTABUG||QA Contact:|
|Version:||unspecified||CC:||592028873, hui.zhu, jchadima, mattias.ellert, mgrepl, plautrba, tmraz|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2011-11-21 17:21:49 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Jan Lieskovsky 2011-11-21 16:53:18 UTC
A security flaw was found in the way ssh-keysign, a ssh helper program for host based authentication, attempted to retrieve enough entropy information on configurations that lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would be executed to retrieve the entropy from the system environment). A local attacker could use this flaw to obtain unauthorized access to host keys via ptrace(2) process trace attached to the 'ssh-rand-helper' program. References:  http://www.openssh.com/txt/release-5.8p2  http://www.openssh.com/txt/portable-keysign-rand-helper.adv  http://www.nessus.org/plugins/index.php?view=single&id=53841  http://www.openwall.com/lists/oss-security/2011/11/21/11 (CVE assignment)
Comment 1 Jan Lieskovsky 2011-11-21 17:06:08 UTC
This issue did NOT affect the versions of the openssh package, as shipped with Red Hat Enterprise Linux 4, 5, and 6, since these versions use a built-in entropy pool to generate and retrieve entropy information by performing host-based authentication. -- This issue did NOT affect the versions of the openssh package, as shipped with Fedora release of 14, 15, and 16, since these versions use a built-in entropy pool to generate and retrieve entropy information by performing host-based authentication.
Comment 2 Jan Lieskovsky 2011-11-21 17:21:49 UTC
Statement: Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, and 6, as they use a built-in entropy pool to generate and retrieve entropy information when performing host-based authentication.