11 matches found
Security Bulletin: IBM Security Proventia Network Active Bypass is affected by vulnerabilities in OpenSSH (CVE-2013-4548)
Summary Security vulnerabilities have been discovered in OpenSSH. Vulnerability Details CVE-ID: CVE-2013-4548 DESCRIPTION: A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher [email protected] or [email protected] is selected during ke...
openSUSE Security Update : openssh (openSUSE-SU-2013:1726-1)
openssh was updated to fix a memory corruption when AES-GCM is used which could lead to remote code execution after successful authentication. CVE-2013-4548 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...
IBM AIX/Virtual I/O Server OpenSSH AES-GCM密文特权提升漏洞
CVE ID:CVE-2013-4548 IBM AIX是一款商业性质的操作系统。 IBM AIX / Virtual I/O Server包含的OpenSSH存在安全漏洞密钥交换过程中选择AES-GCM密文存在错误,允许恶意本地用户利用漏洞提升权限。 0 IBM AIX 5.x IBM AIX 6.x IBM AIX 7.x IBM Virtual I/O Server VIOS 1.x IBM Virtual I/O Server VIOS 2.x 厂商补丁: IBM ----- 用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞:...
AIX OpenSSH Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IBM SECURITY ADVISORY First Issued: Fri Feb 21 11:19:24 CDT 2014 | Updated: Wed Apr 16 17:55:12 CDT 2014 | Update: Clarified the affected OpenSSH version The most recent version of this document is available here:...
openSUSE: Security Advisory for openssh (openSUSE-SU-2013:1726-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security fix for the ALT Linux 7 package openssh version 5.9p1-alt7
5.9p1-alt7 built Dec. 9, 2013 Dmitry V. Levin in task 110259 Nov. 8, 2013 Dmitry V. Levin - sshd: applied upstream initialization fix CVE-2013-4548...
openssh: security fix for remote code execution with AES-GCM (important)
openssh was updated to fix a memory corruption when AES-GCM is used which could lead to remote code execution after successful authentication. CVE-2013-4548...
[BSA-087] Security Update for openssh
Colin Watson uploaded new packages for openssh which fixed the following security problems: CVE-2013-4548 A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher [email protected] or [email protected] is selected during kex exchange. If...
CVE-2013-4548
CVE-2013-4548 affects OpenSSH sshd 6.2/6.3 when using AES-GCM. The bug is in mm_newkeys_from_blob (monitor_wrap.c) where memory for a MAC context isn’t initialized, allowing remote authenticated users to bypass ForceCommand and login-shell restrictions via crafted packet data. Several connected s...
CVE-2013-4548
The mmnewkeysfromblob function in monitorwrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet dat...
Security fix for the ALT Linux 8 package openssh version 5.9p1-alt7
Nov. 8, 2013 Dmitry V. Levin 5.9p1-alt7 - sshd: applied upstream initialization fix CVE-2013-4548...