Vulnerability Bulletins

Security Bulletin: AIX OpenSSH Vulnerability CVE-2013-4548


System information

   
Affected software IBM

Description

DESCRIPTION (From cve.mitre.org): The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548

CVE(s): CVE-2013-4548

Affected product(s) and affected

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_aix_openssh_vulnerability_cve_2013_4548?lang=en_us

Standard identifiers

Property Value
CVE CVE-2013-4548, CVE-2013-5780, CVE-2013-5372, CVE-2013-5803, CVE-2013-6304, CVE-2014-0411 and CVE-2013-6440.

Version history

Version Comment Date
1.0 Advisory issued 2014-03-04
