Vulnerability CVE-2013-4548: Information

Description

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

Severity: MEDIUM (6.0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2013-4548

Published: Nov. 8, 2013

Modified: Oct. 10, 2019

Error type identifier: CWE-264

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
openssh	sisyphus	5.9p1-alt7	9.6p1-alt1	ALT-PU-2013-1071-1	108153	Fixed
openssh	p10	5.9p1-alt7	7.9p1-alt4.p10.4	ALT-PU-2013-1071-1	108153	Fixed
openssh	p9	5.9p1-alt7	7.9p1-alt1	ALT-PU-2013-1071-1	108153	Fixed
openssh	c10f1	5.9p1-alt7	7.9p1-alt4.p10.4	ALT-PU-2013-1071-1	108153	Fixed
openssh	c9f2	5.9p1-alt7	7.9p1-alt4.p10.4	ALT-PU-2013-1071-1	108153	Fixed
openssh	c7	5.9p1-alt7	6.7p1-alt1.M70C.5	ALT-PU-2014-1369-1	117116	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
http://www.openssh.com/txt/gcmrekey.adv	Vendor Advisory
[oss-security] 20131107 Re: CVE Request - OpenSSH
USN-2014-1
openSUSE-SU-2013:1726
SSRT101487

Affected configurations:
1. Configuration 1
  cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*
  cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*

Version: v24.4.2

Vulnerability CVE-2013-4548: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1