42 matches found
SUSE CVE-2014-2532
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character...
SUSE CVE-2019-14868
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...
ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...
ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...
DEBIAN-CVE-2019-14868
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...
CVE-2019-14868
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...
ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...
BSA-2017-253
Security Advisory ID : BSA-2017-253 Component : OpenSSH Revision : 2.0: Interim sshdinOpenSSHbefore 6.6 does not properly support wildcards onAcceptEnvlines insshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard...
Amazon Linux: Security Advisory (ALAS-2014-369)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mandriva Linux Security Advisory : openssh (MDVSA-2015:095)
Updated openssh packages fix security vulnerabilities : sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character CVE-2014-2532...
openssh: AcceptEnv environment restriction bypass flaw
It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions...
Amazon Linux AMI : openssh (ALAS-2014-369)
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshdconfig, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. The verifyhostkey function in sshconnect.c in the client in OpenSSH...
Ubuntu 14.04 LTS : Bash vulnerabilities (USN-2380-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2380-1 advisory. Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable...
Ubuntu: Security Advisory (USN-2364-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-2363-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : Bash vulnerabilities (USN-2364-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2364-1 advisory. Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly handled memory. An attacker could possibly use this issue to bypass certain...
USN-2364-1 bash vulnerabilities
Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly handled memory. An attacker could possibly use this issue to bypass certain environment restrictions and execute arbitrary code. CVE-2014-7186, CVE-2014-7187 In addition, this update introduces a hardening measure which add...
USN-2363-2 bash vulnerability
USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tavis Ormandy discovered that the security fix for...
USN-2363-2: Bash vulnerability
USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tavis Ormandy discovered that the security fix for...
Ubuntu 14.04 LTS : Bash vulnerability (USN-2363-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2363-2 advisory. USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This upda...