USN-2014-1: OpenSSH vulnerability
8 November 2013
OpenSSH could be made to run programs if it received specially crafted network traffic from an authenticated user.
- openssh - secure shell (SSH) client, for secure access to remote machines
Markus Friedl discovered that OpenSSH incorrectly handled memory when the
AES-GCM cipher was used. A remote authenticated attacker could use this
issue to execute arbitrary code as their user, possibly bypassing
shell or command restrictions.