Arbitrary Code Execution

2020-04-1001:14:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

JSON

openssh is vulnerable to arbitrary code execution. The vulnerability exists as the pam_ssh_agent_auth PAM module was built in Red Hat Enterprise Linux 6, the glibc’s error() function was called rather than the intended error() function in pam_ssh_agent_auth to report errors. As these two functions expect different arguments, it was possible for an attacker to cause an application using pam_ssh_agent_auth to crash, disclose portions of its memory or, potentially, execute arbitrary code.

CPENameOperatorVersion
openssheq5.3p1__52.el6_1.2
openssheq5.3p1__70.el6_2.2
openssheq5.3p1__81.el6
openssheq5.3p1__81.el6_3
openssheq5.3p1__20.el6_0.3
openssheq5.3p1__70.el6
openssheq5.3p1__20.el6
openssheq5.3p1__52.el6
openssheq5.3p1__52.el6_1.2
openssheq5.3p1__70.el6_2.2

Name	Operator	Version
openssh	eq	5.3p1__52.el6_1.2
openssh	eq	5.3p1__70.el6_2.2
openssh	eq	5.3p1__81.el6
openssh	eq	5.3p1__81.el6_3
openssh	eq	5.3p1__20.el6_0.3
openssh	eq	5.3p1__70.el6
openssh	eq	5.3p1__20.el6
openssh	eq	5.3p1__52.el6
openssh	eq	5.3p1__52.el6_1.2
openssh	eq	5.3p1__70.el6_2.2