CVE-2014-2532

Published: Mar 18, 2014Modified: May 28, 2026

4.9

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Exploitability: 1.8 / Impact: 2.7

Source: NVD

Description

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

Affected (7)

Products: Oracle: Communications User Data Repository · Openbsd: Openssh

1 product

Communications User Data Repository

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications User Data Repository	Version 10.0.1

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Openbsd Openssh	Up to 6.5
Openbsd Openssh	Version 6.0
Openbsd Openssh	Version 6.1
Openbsd Openssh	Version 6.2
Openbsd Openssh	Version 6.3
Openbsd Openssh	Version 6.4

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (46)

http://advisories.mageia.org/MGASA-2014-0143.html

Source: cve@mitre.org

http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=141576985122836&w=2

Source: cve@mitre.org

http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-1552.html

Source: cve@mitre.org

http://secunia.com/advisories/57488

Source: cve@mitre.org

http://secunia.com/advisories/57574

Source: cve@mitre.org

http://secunia.com/advisories/59313

Source: cve@mitre.org

http://secunia.com/advisories/59855

Source: cve@mitre.org

http://www.debian.org/security/2014/dsa-2894

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2014:068

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2015:095

Source: cve@mitre.org

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Source: cve@mitre.org

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Source: cve@mitre.org

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/66355

Source: cve@mitre.org

http://www.securitytracker.com/id/1029925

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2155-1

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/91986

Source: cve@mitre.org

https://support.apple.com/HT205267

Source: cve@mitre.org

http://advisories.mageia.org/MGASA-2014-0143.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=141576985122836&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2014-1552.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/57488

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/57574

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/59313

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/59855

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2014/dsa-2894

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2014:068

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2015:095

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/66355

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1029925

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2155-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/91986

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/HT205267

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.