
20 matches found

F5 Networks
added 2023/02/21 6:15 p.m., 687 views

K15780: OpenSSH vulnerabilities CVE-2014-2532 and CVE-2014-2653

Security Advisory Description: CVE-2014-2653: The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. CVE-2014-2532: sshd in OpenSSH before 6.6 does not...

CVSS 6.5, AI score 6.8, EPSS 0.02148
Exploits 2, Affected Software 20
SUSE CVE
added 2023/02/15 5:29 a.m., 2 views

SUSE CVE-2014-2532

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character...

CVSS 4.9, AI score 7, EPSS 0.00104
Exploits 1, References 8
OpenVAS
added 2021/06/09 12:0 a.m., 23 views

SUSE: Security Advisory (SUSE-SU-2014:0818-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.5, AI score 5.6, EPSS 0.02148
Exploits 2, References 2
Tenable Nessus
added 2019/08/12 12:0 a.m., 64 views

NewStart CGSL MAIN 4.05 : openssh-latest Multiple Vulnerabilities (NS-SA-2019-0146)

The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by multiple vulnerabilities: - scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...

CVSS 9.8, AI score 7.7, EPSS 0.90046
Exploits 38, References 16
Veracode
added 2019/01/15 9:2 a.m., 25 views

Authorization Bypass

openssh is vulnerable to authorization bypass attacks. The vulnerability exists as sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a...

CVSS 4.9, AI score 5.4, EPSS 0.00104
Exploits 1, References 11, Affected Software 1
Broadcom
added 2017/05/02 12:0 a.m., 16 views

BSA-2017-253

Security Advisory ID: BSA-2017-253, Component: OpenSSH, Revision: 2.0: Interim. sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard...

CVSS 5.8, AI score 5.5, EPSS 0.00104
Exploits 1
Tenable Nessus
added 2016/06/15 12:0 a.m., 36 views

F5 Networks BIG-IP : OpenSSH vulnerabilities (K15780)

CVE-2014-2653: The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. CVE-2014-2532: sshd in OpenSSH before 6.6 does not properly support wildcards on...

CVSS 6.5, AI score 6.6, EPSS 0.02148
Exploits 2, References 3
OpenVAS
added 2015/09/08 12:0 a.m., 31 views

Amazon Linux: Security Advisory (ALAS-2014-369)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.5, AI score 5.9, EPSS 0.02148
Exploits 2, References 2
Tenable Nessus
added 2015/03/30 12:0 a.m., 33 views

Mandriva Linux Security Advisory : openssh (MDVSA-2015:095)

Updated openssh packages fix security vulnerabilities: sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character (CVE-2014-2532)...

CVSS 6.5, AI score 6.6, EPSS 0.02148
Exploits 2, References 4
Cent OS
added 2014/10/20 6:10 p.m., 319 views

openssh, pam_ssh_agent_auth security update

CentOS Errata and Security Advisory CESA-2014:1552 Updated openssh packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common...

CVSS 6.5, AI score 6.6, EPSS 0.02148
Exploits 2, References 7
RedHat Linux
added 2014/10/13 9:21 p.m., 71 views

Moderate: Red Hat Security Advisory: openssh security, bug fix, and enhancement update

Updated openssh packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...

CVSS 5.8, AI score 6.6, EPSS 0.02148
Exploits 2, References 12
Tenable Nessus
added 2014/06/19 12:0 a.m., 37 views

SuSE 11.3 Security Update : openssh (SAT Patch Number 9357)

This update for OpenSSH fixes the following issues: - Exit sshd normally when port is already in use. (bnc#832628) - Use hardware crypto engines where available. (bnc#826427) - Use correct options for login when it is used. (bnc#833605) - Move FIPS messages to higher debug level. (bnc#862875) - Fix forwardi...

CVSS 6.5, AI score 7.4, EPSS 0.02148
Exploits 2, References 9
Debian
added 2014/04/30 10:16 a.m., 73 views

[BSA-095] Security Update for openssh

Colin Watson uploaded new packages for openssh which fixed the following security problems: CVE-2014-2532 DSA-2894-1 Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to trick OpenSSH into accepting any environment variable...

CVSS 6.5, AI score 6.4, EPSS 0.02148
Exploits 2
Tenable Nessus
added 2014/04/07 12:0 a.m., 67 views

Debian DSA-2894-1 : openssh - security update

Two vulnerabilities were discovered in OpenSSH, an implementation of the SSH protocol suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-2532 Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker...

CVSS 6.5, AI score 6.6, EPSS 0.02148
Exploits 2, References 8
Debian
added 2014/04/05 3:6 p.m., 40 views

[SECURITY] [DSA 2894-1] openssh security update

Debian Security Advisory DSA-2894-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 05, 2014 http://www.debian.org/security/faq -...

CVSS 5.8, AI score 1.9, EPSS 0.02148
Exploits 2
OpenVAS
added 2014/04/03 12:0 a.m., 31 views

Ubuntu: Security Advisory (USN-2155-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.8, AI score 5.6, EPSS 0.00104
Exploits 1, References 2
OSV
added 2014/03/18 5:18 a.m., 1 view

DEBIAN-CVE-2014-2532

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character...

CVSS 4.9, AI score 6.5, EPSS 0.00104
Exploits 1, References 1
NVD
added 2014/03/18 5:18 a.m., 15 views

CVE-2014-2532

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character...

CVSS 5.8, AI score 5.3, EPSS 0.00104
Exploits 1, References 23
Vulnrichment
added 2014/03/18 1:0 a.m., 1 view

CVE-2014-2532

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character...

AI score 6.8, EPSS 0.00104
Exploits 1, References 23
CVE
added 2014/03/18 1:0 a.m., 631 views

CVE-2014-2532

OpenSSH CVE-2014-2532 affects sshd prior to 6.6, where AcceptEnv lines with wildcards can be bypassed by using a substring before the wildcard, allowing remote attackers to bypass environment restrictions. Affected component: sshd in OpenSSH. Impact cited: potential info disclosure and environmen...

CVSS 5.8, AI score 5.2, EPSS 0.00104
Exploits 1, References 23, Affected Software 1