Showing 1 - 4 of 4

CVE-2013-4548

Status Candidate

Overview

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

Related Files

HP Security Bulletin HPSBUX03188 SSRT101487 1: Posted Nov 12, 2014; Authored by HP | Site hp.com; HP Security Bulletin HPSBUX03188 SSRT101487 1 - Potential security vulnerabilities have been identified with HP-UX running HP Secure Shell. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.; tags | advisory, denial of service, shell, vulnerability; systems | hpux; advisories | CVE-2013-4548, CVE-2014-1692, CVE-2014-2532, CVE-2014-2653; SHA-256 | f48ab840d0de653a028d42f01133ffad6f77ec827e8549cb98d0a31ab37fa27c; Download | Favorite | View

FreeBSD Security Advisory - OpenSSH AES-GCM Memory Corruption: Posted Nov 19, 2013; Site security.freebsd.org; FreeBSD Security Advisory - A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during key exchange. If exploited, this vulnerability might permit code execution with the privileges of the authenticated user, thereby allowing a malicious user with valid credentials to bypass shell or command restrictions placed on their account.; tags | advisory, shell, code execution; systems | freebsd; advisories | CVE-2013-4548; SHA-256 | 878536e73df64b2ee9e3165866803aec2f9d6c286c5bb0c627ff2c9aed8e06fe; Download | Favorite | View

Slackware Security Advisory - openssh Updates: Posted Nov 19, 2013; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New openssh packages are available for Slackware 14.1 and -current to fix a security issue. Related CVE Numbers: CVE-2013-4548.; tags | advisory; systems | linux, slackware; advisories | CVE-2013-4548; SHA-256 | 0ec99ec21c4e670141a83c9c5c98eeacd33c86ad07dc08457b0a9ce52e6e078b; Download | Favorite | View

Ubuntu Security Notice USN-2014-1: Posted Nov 8, 2013; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2014-1 - Markus Friedl discovered that OpenSSH incorrectly handled memory when the AES-GCM cipher was used. A remote authenticated attacker could use this issue to execute arbitrary code as their user, possibly bypassing shell or command restrictions.; tags | advisory, remote, arbitrary, shell; systems | linux, ubuntu; advisories | CVE-2013-4548; SHA-256 | e189e6627785c00b5dcbe8d47d9b5eb49ddf89426224169d3a73aa26e7a1a493; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2013-4548

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems