2 matches found
CVE-2013-4548
CVE-2013-4548 affects OpenSSH sshd 6.2/6.3 when using AES-GCM. The bug is in mm_newkeys_from_blob (monitor_wrap.c) where memory for a MAC context isn’t initialized, allowing remote authenticated users to bypass ForceCommand and login-shell restrictions via crafted packet data. Several connected s...
CVE-2013-4548
The mmnewkeysfromblob function in monitorwrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet dat...