CVE Vulnerabilities

CVE-2013-4548

Published: Nov 08, 2013 | Modified: Oct 09, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
RedHat/V2
6.5 MODERATE
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V3
Ubuntu
HIGH

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

Affected Software

Name Vendor Start Version End Version
Openssh Openbsd 6.2 (including) 6.2 (including)
Openssh Openbsd 6.3 (including) 6.3 (including)
Openssh Ubuntu devel *
Openssh Ubuntu saucy *

References