oss-sec mailing list archives
CVE request: openssh
From: Vincent Danen <vdanen () redhat com>
Date: Tue, 3 May 2011 11:23:11 -0600
OpenSSH Security Advisory: portable-keysign-rand-helper.adv This document may be found at: http://www.openssh.com/txt/portable-keysign-rand-helper.adv 1. Vulnerability Portable OpenSSH's ssh-keysign utility may allow unauthorised local access to host keys on platforms if ssh-rand-helper is used.
Full details at the URL above. I don't see a CVE name in the advisory; could one be assigned for this flaw? Note: it only affects 5.6 and 5.7. Thanks. --Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: openssh Vincent Danen (May 03)