CVE-2012-5536

Published: Feb 22, 2013Modified: Apr 29, 2026

6.2

Vector

AV:L/AC:H/Au:N/C:C/I:C/A:C

Exploitability: 1.9 / Impact: 10.0

Source: NVD

Description

A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo.

Affected (2)

Products: Fedora Project: Fedora Release Rawhide · Redhat: Enterprise Linux

1 product

Fedora Release Rawhide

1 product

Enterprise Linux

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fedora Project Fedora Release Rawhide	All versions
Redhat Enterprise Linux	Version 6.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?id=4f4687ce8045418f678c323bb22c837f35d7b9fa

Source: secalert@redhat.com

ExploitPatch

http://rhn.redhat.com/errata/RHSA-2013-0519.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=834618

Source: secalert@redhat.com

http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?id=4f4687ce8045418f678c323bb22c837f35d7b9fa

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://rhn.redhat.com/errata/RHSA-2013-0519.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=834618

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.