CVE-2012-5536

A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo.

CVSS v2.0 6.2 MEDIUM

6.2^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 1.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?id=4f4687ce8045418f678c323bb22c837f35d7b9fa	Exploit Patch
http://rhn.redhat.com/errata/RHSA-2013-0519.html
https://bugzilla.redhat.com/show_bug.cgi?id=834618

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:fedora_project:fedora_release_rawhide:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

History

No history.

Information

Published : 2013-02-22 00:55

Updated : 2024-02-04 18:16

NVD link : CVE-2012-5536

Mitre link : CVE-2012-5536

CVE.ORG link : CVE-2012-5536

JSON object : View

Products Affected

fedora_project

fedora_release_rawhide

redhat

enterprise_linux

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2012-5536", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-02-22T00:55:00.927", "references": [{"url": "http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?id=4f4687ce8045418f678c323bb22c837f35d7b9fa", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0519.html", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=834618", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo."}, {"lang": "es", "value": "Un determinado build de Red Hat del m\u00f3dulo pam_ssh_agent_auth en Red Hat Enterprise Linux (RHEL) 6 y Fedora Rawhide llama a la funcion de error en glibc en lugar de la funci\u00f3n de error en el OpenSSH codebase, lo que permite a usuarios locales obtener informaci\u00f3n sensible desde la memoria de proceso o posiblemente ganar privilegios mediante la manipulaci\u00f3n de una aplicaci\u00f3n que confia en este m\u00f3dulo, como se demostr\u00f3 por su y sudo."}], "lastModified": "2019-04-22T17:48:00.643", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedora_project:fedora_release_rawhide:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B825A84-B784-4788-A741-1D5AFB0F8CD9"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}