Markus Friedl

**Name of the Vulnerable Software and Affected Versions** OpenSSH versions prior to 3.7.1 OpenSSH-server versions 3.1p1 through 3.4p1 OpenSSH-askpass versions 3.1p1 through 3.4p1 OpenSSH-askpass-gnome versions 3.1p1 through 3.4p1 OpenSSH-clients versions 3.1p1 through 3.4p1 **Description** The issue involves multiple vulnerabilities in OpenSSH, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The errors include buffer management issues in files such as buffer.c and channels.c, which may allow attackers to cause a denial of service or execute arbitrary code. **Recommendations** For OpenSSH versions prior to 3.7.1, update to version 3.7.1 or later. For OpenSSH-server versions 3.1p1 through 3.4p1, update to a version later than 3.4p1. For OpenSSH-askpass versions 3.1p1 through 3.4p1, update to a version later than 3.4p1. For OpenSSH-askpass-gnome versions 3.1p1 through 3.4p1, update to a version later than 3.4p1. For OpenSSH-clients versions 3.1p1 through 3.4p1, update to a version later than 3.4p1. As a temporary workaround, consider restricting access to vulnerable OpenSSH components until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenSSH versions 6.2 through 6.3 **Description** The issue allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address. This is due to the mm newkeys from blob function in monitor wrap.c not properly initializing memory for a MAC context data structure when an AES-GCM cipher is used. The vulnerability can be exploited remotely by an attacker who has passed the authentication procedure, potentially leading to a breach of confidentiality, integrity, and availability of protected information. **Recommendations** For OpenSSH versions 6.2 through 6.3, consider updating to a version where this issue is fixed, as the current version allows for the bypass of important security restrictions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.