CVE-2014-2532

Published: 18/03/2014 Updated: 19/07/2018
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.9 | Impact Score: 2.7 | Exploitability Score: 1.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

sshd in OpenSSH prior to 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote malicious users to bypass intended environment restrictions by using a substring located before a wildcard character.

Vulnerable Product

oracle communications user data repository 10.0.1

openbsd openssh

openbsd openssh 6.4

openbsd openssh 6.1

openbsd openssh 6.0

openbsd openssh 6.3

openbsd openssh 6.2

Vendor Advisories

Debian Bug report logs - #742513 If server offers certificate, doesn't fall back to checking SSHFP records (CVE-2014-2653) Package: openssh-client; Maintainer for openssh-client is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Source for openssh-client is src:openssh (PTS, buildd, popcon) Reported by: Matthew Ver ...
OpenSSH incorrectly handled environment restrictions with wildcards ...
Two vulnerabilities were discovered in OpenSSH, an implementation of the SSH protocol suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-2532 Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to trick OpenSSH into a ...
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger t ...