Launchpad CVE tracker

CVE 2014-2532

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

Related bugs and status

CVE-2014-2532 (Candidate) is related to these bugs:

Bug #1244736: upstart configuration for user launches an extra ssh-agent

Summary				In	Importance	Status
	1244736	upstart configuration for user launches an extra ssh-agent		gnome-session (Ubuntu)	Undecided	Confirmed
	1244736	upstart configuration for user launches an extra ssh-agent		openssh (Ubuntu)	Undecided	Fix Released

Bug #1298280: Update OpenSSH to 6.6

Summary				In	Importance	Status
	1298280	Update OpenSSH to 6.6		openssh (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

SECTRACK: 1029925
UBUNTU: USN-2155-1
BID: 66355
SECUNIA: 57488
SECUNIA: 57574
DEBIAN: DSA-2894
CONFIRM: http://advisories.mage...
FEDORA: FEDORA-2014-6380
FEDORA: FEDORA-2014-6569
MANDRIVA: MDVSA-2014:068
CONFIRM: http://aix.software.ib...
SECUNIA: 59313
REDHAT: RHSA-2014:1552
MANDRIVA: MDVSA-2015:095
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-09-30-3
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
SECUNIA: 59855
MLIST: [security-announce] 20...
HP: HPSBUX03188
HP: SSRT101487
XF: openssh-cve20142532-se...
CONFIRM: http://www.oracle.com/...

Launchpad.net

CVE 2014-2532

Related bugs and status

Related bugs

References