Twenty Year Anniversary
Showing 1 - 9 of 9 RSS Feed

CVE-2014-2532

Status Candidate

Overview

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

Related Files

Apple Security Advisory 2015-09-30-03
Posted Oct 1, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-30-03 - OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2013-3951, CVE-2014-2532, CVE-2014-3618, CVE-2014-6277, CVE-2014-7186, CVE-2014-7187, CVE-2014-8080, CVE-2014-8090, CVE-2014-8146, CVE-2014-8147, CVE-2014-8611, CVE-2014-9425, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0235, CVE-2015-0273, CVE-2015-0286, CVE-2015-0287, CVE-2015-1351, CVE-2015-1352, CVE-2015-1855, CVE-2015-2301, CVE-2015-2305, CVE-2015-2331
MD5 | 394e001ee3e97a0e28026a7e3dd1db7f
Mandriva Linux Security Advisory 2015-095
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-095 - sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. Matthew Vernon reported that if a SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a certificate.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-2532, CVE-2014-2653
MD5 | b210e2d7303f1204821fcbd31f1ec35c
HP Security Bulletin HPSBUX03188 SSRT101487 1
Posted Nov 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03188 SSRT101487 1 - Potential security vulnerabilities have been identified with HP-UX running HP Secure Shell. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, shell, vulnerability
systems | hpux
advisories | CVE-2013-4548, CVE-2014-1692, CVE-2014-2532, CVE-2014-2653
MD5 | 60b082836fa9890c5a6a480b8d91b420
Red Hat Security Advisory 2014-1552-02
Posted Oct 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1552-02 - OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record. It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions.

tags | advisory, remote, protocol
systems | linux, redhat, openbsd
advisories | CVE-2014-2532, CVE-2014-2653
MD5 | 40e04a3c3bad82810d0c8d2fa03d31bf
Gentoo Linux Security Advisory 201405-06
Posted May 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-6 - Multiple vulnerabilities have been found in OpenSSH, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 6.6_p1-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5161, CVE-2010-4478, CVE-2010-4755, CVE-2010-5107, CVE-2011-5000, CVE-2012-0814, CVE-2014-2532
MD5 | 867f6beb5f3c209a3b73933db4c67529
Mandriva Linux Security Advisory 2014-068
Posted Apr 9, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-068 - sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. Matthew Vernon reported that if a SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a certificate.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-2532, CVE-2014-2653
MD5 | 9a7f2f79a175a9f3638664f7698b9090
Debian Security Advisory 2894-1
Posted Apr 7, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2894-1 - Two vulnerabilities were discovered in OpenSSH, an implementation of the SSH protocol suite.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2014-2532, CVE-2014-2653
MD5 | 532d730a7c2f76c036fee783c1633be7
Slackware Security Advisory - openssh Updates
Posted Mar 30, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-2532
MD5 | 612f413cfdfccc0da36aa5aefe838fa8
Ubuntu Security Notice USN-2155-1
Posted Mar 25, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2155-1 - Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to possibly bypass certain intended environment variable restrictions.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2014-2532
MD5 | 50a7b560daa336a65ef613a7937bea02
Page 1 of 1
Back1Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    19 Files
  • 23
    Oct 23rd
    24 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close