CVE-2014-2532
Summary
| CVE | CVE-2014-2532 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-03-18 05:18:00 UTC |
| Updated | 2018-07-19 01:29:00 UTC |
| Description | sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Openbsd | Openssh | 6.0 | All | All | All |
| Application | Openbsd | Openssh | 6.1 | All | All | All |
| Application | Openbsd | Openssh | 6.2 | All | All | All |
| Application | Openbsd | Openssh | 6.3 | All | All | All |
| Application | Openbsd | Openssh | 6.4 | All | All | All |
| Application | Openbsd | Openssh | 6.0 | All | All | All |
| Application | Openbsd | Openssh | 6.1 | All | All | All |
| Application | Openbsd | Openssh | 6.2 | All | All | All |
| Application | Openbsd | Openssh | 6.3 | All | All | All |
| Application | Openbsd | Openssh | 6.4 | All | All | All |
| Application | Openbsd | Openssh | All | All | All | All |
| Application | Oracle | Communications User Data Repository | 10.0.1 | All | All | All |
| Application | Oracle | Communications User Data Repository | 10.0.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Critical Patch Update Advisory - April 2016 | CONFIRM | www.oracle.com | |
| Support / Security / Advisories / / MDVSA-2014:068 | Mandriva | MANDRIVA | www.mandriva.com | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | |
| APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 | APPLE | lists.apple.com | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | |
| [SECURITY] Fedora 19 Update: openssh-6.2p2-8.fc19 | FEDORA | lists.fedoraproject.org | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | |
| CPU July 2018 | CONFIRM | www.oracle.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Oracle Critical Patch Update - October 2016 | CONFIRM | www.oracle.com | |
| '[security bulletin] HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial of S' - MARC | HP | marc.info | |
| Support / Security / Advisories / / MDVSA-2015:095 | Mandriva | MANDRIVA | www.mandriva.com | |
| OpenSSH 'child_set_env()' Function Security Bypass Vulnerability | BID | www.securityfocus.com | |
| OpenSSH AcceptEnv Wildcard Processing Flaw May Let Remote Authenticated Users Bypass Environment Restrictions - SecurityTracker | SECTRACK | www.securitytracker.com | |
| aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc | CONFIRM | aix.software.ibm.com | |
| Debian -- Security Information -- DSA-2894-1 openssh | DEBIAN | www.debian.org | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Mageia Advisory: MGASA-2014-0143 - Updated openssh packages fix CVE-2014-2532 | CONFIRM | advisories.mageia.org | |
| [SECURITY] Fedora 20 Update: openssh-6.4p1-4.fc20 | FEDORA | lists.fedoraproject.org | |
| About the security content of OS X El Capitan v10.11 - Apple Support | CONFIRM | support.apple.com | |
| Security Advisory SA59855 - SUSE update for openssh - Secunia | SECUNIA | secunia.com | |
| USN-2155-1: OpenSSH vulnerability | Ubuntu | UBUNTU | www.ubuntu.com | |
| 'Announce: OpenSSH 6.6 released' - MARC | MLIST | marc.info | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.