sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2014-03-17 22:18
Updated : 2018-07-18 18:29
NVD link : CVE-2014-2532
Mitre link : CVE-2014-2532
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
openbsd
- openssh
oracle
- communications_user_data_repository