Computer Security
[EN] securityvulns.ru no-pyccku


CVECVE-2014-2532
StatusCandidate
Descriptionsshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
Severity
Medium
CVSS score5,8
CVSS vector(AV:N/AC:M/Au:N/C:P/I:P/A:N)
PhaseAssigned (09.10.2015)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2532
ReferencesSECTRACK : 1029925
 SECUNIA : 57488
 SECUNIA : 57574
 SECUNIA : 59313
 BID : 66355
 DEBIAN : DSA-2894
 FEDORA : FEDORA-2014-6380
 FEDORA : FEDORA-2014-6569
 CONFIRM : http://advisories.mageia.org/MGASA-2014-0143.html
 CONFIRM : http://aix.software.ibm.com/aix/efixes/security/op...
 MANDRIVA : MDVSA-2014:068
 XF : openssh-cve20142532-sec-bypass(91986)
 UBUNTU : USN-2155-1
 MLIST : [security-announce] 20140315 Announce: OpenSSH 6.6 released
SecurityVulns:Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities
 OpenSSH protection bypass
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod