CVE-2014-2532

Severity

57%

Complexity

86%

Confidentiality

81%

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

CVSS 3.0 Base Score 4.9. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N).

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N).

Overview

First reported 10 years ago

2014-03-18 05:18:00

Last updated 6 years ago

2018-07-19 01:29:00

Affected Software

Oracle Communications User Data Repository 10.0.1

10.0.1

OpenBSD OpenSSH 6.0

6.0

OpenBSD OpenSSH 6.1

6.1

OpenBSD OpenSSH 6.2

6.2

OpenBSD OpenSSH 6.3

6.3

OpenBSD OpenSSH 6.4

6.4

OpenBSD OpenSSH

References

http://advisories.mageia.org/MGASA-2014-0143.html

http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc

APPLE-SA-2015-09-30-3

FEDORA-2014-6569

FEDORA-2014-6380

HPSBUX03188

[security-announce] 20140315 Announce: OpenSSH 6.6 released

RHSA-2014:1552

57488

57574

59313

59855

DSA-2894

MDVSA-2014:068

MDVSA-2015:095

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

66355

1029925

USN-2155-1

openssh-cve20142532-sec-bypass(91986)

https://support.apple.com/HT205267

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.