Bug 755640 - (CVE-2011-4327) CVE-2011-4327 openssh: Unauthorized local access to host keys on platforms where ssh-rand-helper used
CVE-2011-4327 openssh: Unauthorized local access to host keys on platforms wh...
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20110505,repor...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-11-21 11:53 EST by Jan Lieskovsky
Modified: 2015-07-31 02:45 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-11-21 12:21:49 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2011-11-21 11:53:18 EST
A security flaw was found in the way ssh-keysign, a ssh helper program for host based authentication, attempted to retrieve enough entropy information on configurations that lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would be executed to retrieve the entropy from the system environment). A local attacker could use this flaw to obtain unauthorized access to host keys via ptrace(2) process trace attached to the 'ssh-rand-helper' program.

References:
[1] http://www.openssh.com/txt/release-5.8p2
[2] http://www.openssh.com/txt/portable-keysign-rand-helper.adv
[3] http://www.nessus.org/plugins/index.php?view=single&id=53841
[4] http://www.openwall.com/lists/oss-security/2011/11/21/11
    (CVE assignment)
Comment 1 Jan Lieskovsky 2011-11-21 12:06:08 EST
This issue did NOT affect the versions of the openssh package, as shipped with Red Hat Enterprise Linux 4, 5, and 6, since these versions use a built-in entropy pool to generate and retrieve entropy information by performing host-based authentication.

--

This issue did NOT affect the versions of the openssh package, as shipped with Fedora release of 14, 15, and 16, since these versions use a built-in entropy pool to generate and retrieve entropy information by performing host-based authentication.
Comment 2 Jan Lieskovsky 2011-11-21 12:21:49 EST
Statement:

Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, and 6, as they use a built-in entropy pool to generate and retrieve entropy information when performing host-based authentication.

Note You need to log in before you can comment on or make changes to this bug.