What is the severity of CVE-2012-5536?

CVE-2012-5536 has a moderate severity rating due to potential local information leakage and privilege escalation.

How do I fix CVE-2012-5536?

To mitigate CVE-2012-5536, update the pam_ssh_agent_auth module to the latest version provided by Red Hat or Fedora.

What systems are affected by CVE-2012-5536?

CVE-2012-5536 affects Red Hat Enterprise Linux 6.0 and Fedora Rawhide installations.

What are the risks associated with CVE-2012-5536?

The risks include local users gaining access to sensitive information in process memory, which could lead to privilege escalation.

Is CVE-2012-5536 related to OpenSSH?

Yes, CVE-2012-5536 is related to a flaw in how the pam_ssh_agent_auth module interacts with the OpenSSH codebase.

Vulnerability/
CVE-2012-5536

medium

6.2

CWE

22/6/2012

22/2/2013

6/8/2024

CVE-2012-5536: Input Validation

First published: Fri Jun 22 2012(Updated: )

A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Fedora Project Fedora Release Rawhide
Red Hat Enterprise Linux	=6.0

Remedy

http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?id=4f4687ce8045418f678c323bb22c837f35d7b9fa

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-5536?
CVE-2012-5536 has a moderate severity rating due to potential local information leakage and privilege escalation.
How do I fix CVE-2012-5536?
To mitigate CVE-2012-5536, update the pam_ssh_agent_auth module to the latest version provided by Red Hat or Fedora.
What systems are affected by CVE-2012-5536?
CVE-2012-5536 affects Red Hat Enterprise Linux 6.0 and Fedora Rawhide installations.
What are the risks associated with CVE-2012-5536?
The risks include local users gaining access to sensitive information in process memory, which could lead to privilege escalation.
Is CVE-2012-5536 related to OpenSSH?
Yes, CVE-2012-5536 is related to a flaw in how the pam_ssh_agent_auth module interacts with the OpenSSH codebase.

agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2012-5536
agent/author
agent/severity
agent/remedy
agent/weakness
agent/last-modified-date
agent/references
agent/description
agent/event
agent/trending
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
agent/source
vendor/fedora project
canonical/fedora project fedora release rawhide
vendor/redhat
canonical/red hat enterprise linux
version/red hat enterprise linux/6.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.