Security Bulletin: AIX OpenSSH Vulnerability CVE-2013-4548
|
Información sobre el sistema
|
|
|
Software afectado |
IBM |
Descripción
|
DESCRIPTION (From cve.mitre.org) The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote i authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548 CVE(s): CVE-2013-4548 Affected product(s) and affected
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_aix_openssh_vulnerability_cve_2013_4548?lang=en_us |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2013-4548 ,CVE-2013-5780 ,CVE-2013-5372 ,CVE-2013-5803 ,CVE-2013-6304 ,CVE-2014-0411 and CVE-2013-6440. |