
CVE-2014-2532

Published: 15 Mar 2014
Source: redhat
CVSS2: 2.1
EPSS: Low

Description

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions.

Report

This issue affects the version of openssh as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having Low security impact. This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle, https://access.redhat.com/support/policy/updates/errata/

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | openssh | Will not fix | | |
| Red Hat Enterprise Linux 7 | openssh | Not affected | | |
| Red Hat Enterprise Linux 6 | openssh | Fixed | RHSA-2014:1552 | 13.10.2014 |


Additional information

Status: Low
Defect: CWE-138
https://bugzilla.redhat.com/show_bug.cgi?id=1077843 openssh: AcceptEnv environment restriction bypass flaw

EPSS

Percentile: 58%
0.00375
Low

2.1 Low

CVSS2

Related vulnerabilities

CVSS3: 4.9
ubuntu
more than 11 years ago

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

CVSS3: 4.9
nvd
more than 11 years ago

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

CVSS3: 4.9
debian
more than 11 years ago

sshd in OpenSSH before 6.6 does not properly support wildcards on Acce ...

CVSS3: 4.9
github
more than 3 years ago

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

oracle-oval
almost 11 years ago

ELSA-2014-1552: openssh security, bug fix, and enhancement update (MODERATE)
