exploitDog

CVE-2013-4548

Published: 07 Nov 2013
Source: redhat
CVSS2: 6.5

Description

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

Report

Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for AES-GCM cipher suites.

Affected packages

Platform | Package | State | Recommendation | Release
Red Hat Enterprise Linux 5 | openssh | Not affected | |
Red Hat Enterprise Linux 6 | openssh | Not affected | |
Red Hat Enterprise Linux 7 | openssh | Not affected | |

Additional information

Status: Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1028418 openssh: post-auth memory corruption when using AES-GCM cipher

6.5 Medium

CVSS2

Related vulnerabilities

ubuntu
about 12 years ago

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

nvd
about 12 years ago

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

debian
about 12 years ago

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH ...

github
more than 3 years ago

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

fstec
about 11 years ago

Vulnerability in the openSUSE operating system that allows an attacker to compromise the confidentiality, integrity and availability of protected information

6.5 Medium

CVSS2