CVE-2013-4548

Name of the Vulnerable Software and Affected Versions OpenSSH versions 6.2 through 6.3

Description The issue allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address. This is due to the mm newkeys from blob function in monitor wrap.c not properly initializing memory for a MAC context data structure when an AES-GCM cipher is used. The vulnerability can be exploited remotely by an attacker who has passed the authentication procedure, potentially leading to a breach of confidentiality, integrity, and availability of protected information.

Recommendations For OpenSSH versions 6.2 through 6.3, consider updating to a version where this issue is fixed, as the current version allows for the bypass of important security restrictions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.