CVE - CVE-2014-2532

CVE-ID
CVE-2014-2532	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2015-09-30-3 URL:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html BID:66355 URL:http://www.securityfocus.com/bid/66355 CONFIRM:http://advisories.mageia.org/MGASA-2014-0143.html CONFIRM:http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html CONFIRM:https://support.apple.com/HT205267 DEBIAN:DSA-2894 URL:http://www.debian.org/security/2014/dsa-2894 FEDORA:FEDORA-2014-6380 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html FEDORA:FEDORA-2014-6569 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html HP:HPSBUX03188 URL:http://marc.info/?l=bugtraq&m=141576985122836&w=2 HP:SSRT101487 URL:http://marc.info/?l=bugtraq&m=141576985122836&w=2 MANDRIVA:MDVSA-2014:068 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2014:068~~ (Obsolete source) MANDRIVA:MDVSA-2015:095 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2015:095~~ (Obsolete source) MLIST:[security-announce] 20140315 Announce: OpenSSH 6.6 released URL:http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2 REDHAT:RHSA-2014:1552 URL:http://rhn.redhat.com/errata/RHSA-2014-1552.html SECTRACK:1029925 URL:http://www.securitytracker.com/id/1029925 SECUNIA:57488 URL:http://secunia.com/advisories/57488 SECUNIA:57574 URL:http://secunia.com/advisories/57574 SECUNIA:59313 URL:http://secunia.com/advisories/59313 SECUNIA:59855 URL:http://secunia.com/advisories/59855 UBUNTU:USN-2155-1 URL:http://www.ubuntu.com/usn/USN-2155-1 XF:openssh-cve20142532-sec-bypass(91986) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/91986
Assigning CNA
MITRE Corporation
Date Record Created
20140317	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140317)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)