OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability

Summary
OpenSSH is prone to a local information-disclosure vulnerability.
Impact
Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks.
Solution
Updates are available.
Insight
ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call.
Affected
Versions prior to OpenSSH 5.8p2 are vulnerable.
Detection
Check the version.
References