Ask the Community
Groups
CVE-2011-4327 openssh: Unauthorized local access to host keys on platforms where ssh-rand-helper used - Connect IT Community | Kaseya
<main> <article class="userContent"> <h3 data-id="cve-id"><strong>CVE ID</strong></h3> <p>CVE-2011-4327</p> <h3 data-id="description"><strong>DESCRIPTION</strong></h3> <p>ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.</p> <h3 data-id="resolution"><strong>RESOLUTION</strong></h3> <p></p> <ul><li>CentOS6 Unitrends' appliances (physical and/or virtual) are not affected by this CVE.</li></ul><h3 data-id="link-to-advisories"><strong>LINK TO ADVISORIES</strong></h3> <p></p> <ul><li><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Faccess.redhat.com%2Fsecurity%2Fcve%2Fcve-2011-4327">https://access.redhat.com/security/cve/cve-2011-4327</a></li></ul> </article> </main>