This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes

Bug 755640 (CVE-2011-4327)

Summary: CVE-2011-4327 openssh: Unauthorized local access to host keys on platforms where ssh-rand-helper used
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: hui.zhu, jchadima, mattias.ellert, mgrepl, plautrba, tmraz
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20110505,reported=20111121,source=oss-security,cvss2=2.1/AV:L/AC:L/Au:N/C:P/I:N/A:N,rhel-4/openssh=notaffected,rhel-5/openssh=notaffected,rhel-6/openssh=notaffected,fedora-all/openssh=notaffected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-11-21 12:21:49 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Jan Lieskovsky 2011-11-21 11:53:18 EST
A security flaw was found in the way ssh-keysign, a ssh helper program for host based authentication, attempted to retrieve enough entropy information on configurations that lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would be executed to retrieve the entropy from the system environment). A local attacker could use this flaw to obtain unauthorized access to host keys via ptrace(2) process trace attached to the 'ssh-rand-helper' program.

References:
[1] http://www.openssh.com/txt/release-5.8p2
[2] http://www.openssh.com/txt/portable-keysign-rand-helper.adv
[3] http://www.nessus.org/plugins/index.php?view=single&id=53841
[4] http://www.openwall.com/lists/oss-security/2011/11/21/11
    (CVE assignment)
Comment 1 Jan Lieskovsky 2011-11-21 12:06:08 EST
This issue did NOT affect the versions of the openssh package, as shipped with Red Hat Enterprise Linux 4, 5, and 6, since these versions use a built-in entropy pool to generate and retrieve entropy information by performing host-based authentication.

--

This issue did NOT affect the versions of the openssh package, as shipped with Fedora release of 14, 15, and 16, since these versions use a built-in entropy pool to generate and retrieve entropy information by performing host-based authentication.
Comment 2 Jan Lieskovsky 2011-11-21 12:21:49 EST
Statement:

Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, and 6, as they use a built-in entropy pool to generate and retrieve entropy information when performing host-based authentication.