
CVE-2014-2532

Published: 18 March 2014

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

Priority

Medium

CVSS 3 base score: 4.9

Status

Package: openssh
Release: Status
lucid: Released (1:5.3p1-3ubuntu7.1)
precise: Released (1:5.9p1-5ubuntu1.2)
quantal: Released (1:6.0p1-3ubuntu1.1)
saucy: Released (1:6.2p2-6ubuntu0.2)
upstream: Released (6.6p1)
Patches:
upstream: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.270;r2=1.271