Vulnerability identifier: #VU2068
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
OpenSSH
Server applications /
Remote management servers, RDP, SSH
Vendor: OpenSSH
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an error in authfile.c, which may allow a local authenticated user to obtain host private key material.
Successful exploitation of this vulnerability may allow a local user to gain access to otherwise restricted information.
Mitigation
Install the latest version of OpenSSH 7.4.
Vulnerable software versions
OpenSSH: 7.3p1
External links
https://www.openssh.com/txt/release-7.4
https://www.openwall.com/lists/oss-security/2016/12/19/2
https://github.com/openbsd/src/commit/ac8147a06ed2e2403fb6b9a0c03e618a9333c0e9
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.