CVE-2012-0814 (retired)

The auth_parse_options function in auth-options.c in sshd in OpenSSH before
5.7 provides debug messages containing authorized_keys command options,
which allows remote authenticated users to obtain potentially sensitive
information by reading these messages, as demonstrated by the shared user
account required by Gitolite. NOTE: this can cross privilege boundaries
because a user account may intentionally have no shell or filesystem
access, and therefore may have no supported way to read an authorized_keys
file in its own home directory.
More Information

Updated: 2019-10-09 07:41:02 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)