A security flaw was found in the way ssh-keysign, a ssh helper program for host based authentication, attempted to retrieve enough entropy information on configurations that lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would be executed to retrieve the entropy from the system environment). A local attacker could use this flaw to obtain unauthorized access to host keys via ptrace(2) process trace attached to the 'ssh-rand-helper' program. References: [1] http://www.openssh.com/txt/release-5.8p2 [2] http://www.openssh.com/txt/portable-keysign-rand-helper.adv [3] http://www.nessus.org/plugins/index.php?view=single&id=53841 [4] http://www.openwall.com/lists/oss-security/2011/11/21/11 (CVE assignment)
This issue did NOT affect the versions of the openssh package, as shipped with Red Hat Enterprise Linux 4, 5, and 6, since these versions use a built-in entropy pool to generate and retrieve entropy information by performing host-based authentication. -- This issue did NOT affect the versions of the openssh package, as shipped with Fedora release of 14, 15, and 16, since these versions use a built-in entropy pool to generate and retrieve entropy information by performing host-based authentication.
Statement: Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, and 6, as they use a built-in entropy pool to generate and retrieve entropy information when performing host-based authentication.