Key vulnerability information

Vulnerability ID: #657445
Description: Forced Command handling leaks private information to ssh clients
Affected software: openssh-server
Vulnerable version: OpenSSH 5.5p1-6+squeeze1
Fixed version: OpenSSH 5.5p1-6+squeeze2

Scope of impact

Affected component: openssh-server
Affected versions:
- OpenSSH 5.5p1-6+squeeze1
- OpenSSH 5.5p1-6+squeeze2

Vulnerability details

Vulnerability type: Information disclosure
Details:
- Forced command handling in can leak private information about other configured forced commands to users. This affects gitolite. It allows an attacker with access to an authorized_keys file to read out the forced command for other keys and potentially determine which remote command will be executed.

Remediation

Recommended fix:
- Apply the provided patch to prevent the forced command from being logged in debug messages.
- Update to version OpenSSH 5.5p1-6+squeeze2.
Fixed by: Colin Watson, Moritz Muehlenhoff, Thijs Kinkhorst, and others

Related vulnerability identifiers

CVE ID: CVE-2012-0814