Vulnerability CVE-2013-4548: Information
Description
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
Severity: MEDIUM (6.0)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
openssh | sisyphus | 5.9p1-alt7 | 9.6p1-alt1 | ALT-PU-2013-1071-1 | 108153 | Fixed |
openssh | p10 | 5.9p1-alt7 | 7.9p1-alt4.p10.4 | ALT-PU-2013-1071-1 | 108153 | Fixed |
openssh | p9 | 5.9p1-alt7 | 7.9p1-alt1 | ALT-PU-2013-1071-1 | 108153 | Fixed |
openssh | c10f1 | 5.9p1-alt7 | 7.9p1-alt4.p10.4 | ALT-PU-2013-1071-1 | 108153 | Fixed |
openssh | c9f2 | 5.9p1-alt7 | 7.9p1-alt4.p10.4 | ALT-PU-2013-1071-1 | 108153 | Fixed |
openssh | c7 | 5.9p1-alt7 | 6.7p1-alt1.M70C.5 | ALT-PU-2014-1369-1 | 117116 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
http://www.openssh.com/txt/gcmrekey.adv |
|
[oss-security] 20131107 Re: CVE Request - OpenSSH | |
USN-2014-1 | |
openSUSE-SU-2013:1726 | |
SSRT101487 |