OpenSSH 'child_set_env()' Function Security Bypass Vulnerability

Bugtraq ID: 66355
Class: Design Error
CVE: CVE-2014-2532
Remote: Yes
Local: No
Published: Mar 21 2014 12:00AM
Updated: Nov 19 2014 01:56AM
Credit: Jann Horn
Vulnerable: Ubuntu Ubuntu Linux 10.04 LTS
Slackware Linux 13.37
Slackware Linux 13.1
Slackware Linux 13.0
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 6
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
OpenSSH OpenSSH 5.8 p2
OpenSSH OpenSSH 5.8
OpenSSH OpenSSH 5.7
OpenSSH OpenSSH 5.6p1
OpenSSH OpenSSH 5.6
OpenSSH OpenSSH 5.5
OpenSSH OpenSSH 5.4
OpenSSH OpenSSH 5.3
OpenSSH OpenSSH 5.2p1
OpenSSH OpenSSH 5.2
OpenSSH OpenSSH 5.1
OpenSSH OpenSSH 5.0p1
OpenSSH OpenSSH 5.0
IBM Virtual I/O Server (VIOS) 2.2
IBM AIX 7.1
IBM AIX 6.1
IBM AIX 5.3
HP HP-UX B.11.31
HP HP-UX B.11.23
HP HP-UX B.11.11
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus