Summary
OpenSSH is prone to a security-bypass vulnerability.
Impact
Remote attackers can bypass intended environment restrictions by using a substring located before a wildcard character.
Solution
Updates are available.
Insight
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config.
Affected
Versions prior to OpenSSH 6.6 are vulnerable.
Detection
Check the version.
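The version check described here can be paired with a look at whether the configuration actually uses the affected feature. The following is an added example, not code from this advisory or from the OpenSSH project; the function names, status labels and sample configuration are assumptions made for illustration.

```python
import re

FIXED = (6, 6)  # first fixed release named in this advisory

# Constructed sample sshd_config, for illustration only.
SAMPLE_CONFIG = """\
Port 22
AcceptEnv LANG LC_*
acceptenv XMODIFIERS
#AcceptEnv SECRET_*
"""

def parse_openssh_version(banner):
    """Return (major, minor) from a banner like 'SSH-2.0-OpenSSH_6.4p1', else None."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def wildcard_acceptenv(config_text):
    """Return every AcceptEnv pattern that contains a wildcard ('*' or '?')."""
    hits = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines carry no directive
        # Keywords are case-insensitive; "Keyword value" and "Keyword=value" both occur.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "acceptenv":
            hits += [p for p in parts[1].split() if "*" in p or "?" in p]
    return hits

def assess(banner, config_text):
    """Combine the version check with the AcceptEnv wildcard check."""
    version = parse_openssh_version(banner)
    patterns = wildcard_acceptenv(config_text)
    if version is None:
        status = "unknown"
    elif version >= FIXED:
        status = "fixed"
    elif patterns:
        status = "vulnerable-exposed"   # old version and wildcard AcceptEnv in use
    else:
        status = "vulnerable-version"   # old version, no wildcard AcceptEnv found
    # Upstream version only: a vendor package may carry a backported fix
    # under an older version string, so confirm against the vendor advisory.
    return {"version": version, "status": status, "wildcard_patterns": patterns}

if __name__ == "__main__":
    print(assess("SSH-2.0-OpenSSH_6.4p1", SAMPLE_CONFIG))
```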
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-2532
CVSS Base Score: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N