CVE-2013-4548

Severity

60%

Complexity

68%

Confidentiality

106%

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

CVSS 2.0 Base Score 6. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P).

Overview

Type

OpenBSD OpenSSH

First reported 11 years ago

2013-11-08 15:55:00

Last updated 5 years ago

2019-10-09 23:08:00

Affected Software

OpenBSD OpenSSH 6.2

6.2

OpenBSD OpenSSH 6.3

6.3

References

openSUSE-SU-2013:1726

SSRT101487

[oss-security] 20131107 Re: CVE Request - OpenSSH

http://www.openssh.com/txt/gcmrekey.adv

Vendor Advisory

USN-2014-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.