OpenSSH Vulnerability: Information Disclosure via ssh-rand-helper

OpenSSH Vulnerability: Information Disclosure via ssh-rand-helper

CVE-2011-4327 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.

Learn more about our User Device Pen Test.