PT-2014-1796 · Openbsd+6 · Openssh+6

Jann Horn · Published 2014-03-18 · Updated 2024-07-08 · CVE-2014-2532

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
OpenSSH versions prior to 6.6
OpenSSH version 5.3p1

Description
The issue allows remote attackers to bypass the intended environment restrictions by using a substring located before a wildcard character in the AcceptEnv lines of the sshd_config configuration file. This can lead to a violation of the confidentiality and integrity of protected information. The vulnerability can be exploited remotely.

Recommendations
For OpenSSH versions prior to 6.6, update to version 6.6 or later to resolve the issue. For OpenSSH version 5.3p1, consider disabling the use of wildcard characters in the AcceptEnv lines of the sshd_config configuration file as a temporary workaround until a patch is available. Restrict access to the sshd_config configuration file to minimize the risk of exploitation.

Information Disclosure

Related Identifiers

ALT-PU-2014-1351
ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2015-04127
BDU:2015-06145
BDU:2015-06146
BDU:2015-06147
BDU:2015-06148
BDU:2015-06149
BDU:2015-06150
BDU:2015-06151
BDU:2015-09678
CESA-2014_1552
CVE-2014-2532
DSA-2894-1
HPSBUX03188
MGASA-2014-0143
RHSA-2014:1552
RHSA-2014_1552
SUSE-SU-2014_0818-1

Affected Products

Alt Linux
Centos
Hp-Ux
Ibm Aix
Openssh
Red Hat
Suse