News
Vigil@nce: OpenSSH, information disclosure via Forced Command
February 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When an OpenSSH server defined Forced Commands, an authenticated attacker can obtain information on commands of other users.
Severity: 1/4
Creation date: 30/01/2012
IMPACTED PRODUCTS
OpenSSH
DESCRIPTION OF THE VULNERABILITY
The Forced Command feature of OpenSSH is used to define commands to execute when a RSA key is used for the authentication. For example: command="/bin/echo Here is a message" rsa_key
When there are several Forced Commands, the configuration file for
example contains:
command="/bin/echo Hello one" rsa_key1
command="/bin/echo Hello two" rsa_key2
command="/bin/echo Hello three" rsa_key3
The "-v" (verbose) option of the SSH client displays server debug messages on the client side. However, Forced Commands of all users are displayed. So, the user of rsa_key3 will know the commands of both previous users.
When an OpenSSH server defined Forced Commands, an authenticated attacker can therefore obtain information on commands of other users.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
