Skip to main content

OpenSSH AcceptEnv Wildcard Processing Vulnerability

Last Update Date: 19 Mar 2014 17:19 Release Date: 19 Mar 2014 4000 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability has been identified in OpenSSH, which can be exploited by a remote authenticated user to bypass environment restrictions in certain cases.

When configured for environment passing (not the default), the software does not properly process wildcard characters on AcceptEnv lines in the 'sshd_config' configuration file. A remote user may be able to supply specially crafted parameter values to bypass environment restrictions and set certain environment variables.


Impact

  • Security Restriction Bypass
  • Data Manipulation

System / Technologies affected

  • OpenSSH versions prior to 6.6

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 6.6

Vulnerability Identifier


Source


Related Link