Showing 1 - 4 of 4

CVE-2013-4548

Status Candidate

Overview

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

Related Files

HP Security Bulletin HPSBUX03188 SSRT101487 1: Posted Nov 12, 2014; Authored by HP | Site hp.com; HP Security Bulletin HPSBUX03188 SSRT101487 1 - Potential security vulnerabilities have been identified with HP-UX running HP Secure Shell. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.; tags | advisory, denial of service, shell, vulnerability; systems | hpux; advisories | CVE-2013-4548, CVE-2014-1692, CVE-2014-2532, CVE-2014-2653; SHA-256 | f48ab840d0de653a028d42f01133ffad6f77ec827e8549cb98d0a31ab37fa27c; Download | Favorite | View

FreeBSD Security Advisory - OpenSSH AES-GCM Memory Corruption: Posted Nov 19, 2013; Site security.freebsd.org; FreeBSD Security Advisory - A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during key exchange. If exploited, this vulnerability might permit code execution with the privileges of the authenticated user, thereby allowing a malicious user with valid credentials to bypass shell or command restrictions placed on their account.; tags | advisory, shell, code execution; systems | freebsd; advisories | CVE-2013-4548; SHA-256 | 878536e73df64b2ee9e3165866803aec2f9d6c286c5bb0c627ff2c9aed8e06fe; Download | Favorite | View

Slackware Security Advisory - openssh Updates: Posted Nov 19, 2013; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New openssh packages are available for Slackware 14.1 and -current to fix a security issue. Related CVE Numbers: CVE-2013-4548.; tags | advisory; systems | linux, slackware; advisories | CVE-2013-4548; SHA-256 | 0ec99ec21c4e670141a83c9c5c98eeacd33c86ad07dc08457b0a9ce52e6e078b; Download | Favorite | View

Ubuntu Security Notice USN-2014-1: Posted Nov 8, 2013; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2014-1 - Markus Friedl discovered that OpenSSH incorrectly handled memory when the AES-GCM cipher was used. A remote authenticated attacker could use this issue to execute arbitrary code as their user, possibly bypassing shell or command restrictions.; tags | advisory, remote, arbitrary, shell; systems | linux, ubuntu; advisories | CVE-2013-4548; SHA-256 | e189e6627785c00b5dcbe8d47d9b5eb49ddf89426224169d3a73aa26e7a1a493; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 239 files
indoushka 139 files
Ubuntu 79 files
Gentoo 33 files
Debian 26 files
Sebastian Hamann 8 files
Jann Horn 7 files
Google Security Research 6 files
Moritz Abrell 6 files
Jaggar Henry 6 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,110)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,941)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,657)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,783)
UNIX (9,443)
UnixWare (187)
Windows (6,679)
Other

CVE-2013-4548

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems