2 matches found
openssh: AcceptEnv environment restriction bypass flaw
It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions...
PT-2014-1796
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 6.6 OpenSSH version 5.3p1 Description The issue allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character in the AcceptEnv lines of the sshd config...