Bug 869101 (CVE-2014-2532) - VUL-1: CVE-2014-2532: openssh: AcceptEnv environment restriction bypass flaw
Summary: VUL-1: CVE-2014-2532: openssh: AcceptEnv environment restriction bypass flaw
Status: RESOLVED FIXED
Duplicates: 890850
Alias: CVE-2014-2532
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low
Severity: Normal
Target Milestone: ---
Deadline: 2017-01-18
Assignee: Petr Cerny
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/97110/
Whiteboard: CVSSv3.1:SUSE:CVE-2014-2532:4.9:(AV:N...
Keywords: DSLA_REQUIRED, DSLA_SOLUTION_PROVIDED
Depends on:
Blocks:
 
Reported: 2014-03-19 09:23 UTC by Marcus Meissner
Modified: 2022-02-13 11:07 UTC
CC: 8 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Marcus Meissner 2014-03-19 09:23:42 UTC
Via CVE DB, in openssh 6.6:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2532

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.

http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2
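As an added example (not code from this report or from OpenSSH): a small audit that parses the AcceptEnv lines of a constructed sshd_config fragment, applies the documented whole-name wildcard matching, and compares it with a model of the substring-before-wildcard behaviour described above, so an administrator can see which requested variable names only an unpatched sshd would have admitted. The flawed matcher is an assumption derived from the CVE text, not OpenSSH's actual pre-6.6 code.

```python
"""Audit which environment variable names an sshd AcceptEnv configuration admits.

Added example, not code from this bug report or from OpenSSH. accepted_correct()
implements the documented sshd_config(5) semantics: '*' matches any run of
characters, '?' one character, and the whole name must match. accepted_flawed_model()
only models the behaviour the CVE text describes (a name passes if it merely
contains the literal text before the first wildcard); it is not OpenSSH's code.
"""
import re

# Constructed sshd_config fragment used as sample input (not a real host's file).
SSHD_CONFIG = """
# Pass locale settings through from the client
AcceptEnv LANG LC_*
AcceptEnv COLORTERM
PermitUserEnvironment no
"""

def parse_accept_env(config: str) -> list[str]:
    """Collect the patterns from every AcceptEnv line (sshd merges repeated lines)."""
    patterns = []
    for line in config.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens and tokens[0].lower() == "acceptenv":
            patterns.extend(tokens[1:])
    return patterns

def wildcard_regex(pattern: str) -> re.Pattern:
    """Translate an sshd pattern into a regex: '*' -> '.*', '?' -> '.'."""
    body = "".join({"*": ".*", "?": "."}.get(ch, re.escape(ch)) for ch in pattern)
    return re.compile(body)

def accepted_correct(name: str, patterns: list[str]) -> bool:
    """Fixed behaviour: some pattern must match the entire variable name."""
    return any(wildcard_regex(p).fullmatch(name) for p in patterns)

def accepted_flawed_model(name: str, patterns: list[str]) -> bool:
    """Model of the pre-fix behaviour: for a wildcard pattern, the literal text
    before the first wildcard is searched for anywhere in the name."""
    for p in patterns:
        prefix = re.split(r"[*?]", p, maxsplit=1)[0]
        if prefix != p:                   # pattern contains a wildcard
            if prefix and prefix in name:
                return True
        elif p == name:                   # plain pattern: exact match only
            return True
    return False

def audit(config: str, requested: list[str]) -> list[str]:
    """Names the flawed model would admit but correct matching rejects."""
    patterns = parse_accept_env(config)
    return [n for n in requested
            if accepted_flawed_model(n, patterns) and not accepted_correct(n, patterns)]
```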
Comment 1 SMASH SMASH 2014-03-19 09:30:28 UTC
Affected packages:

SLE-11-SP3: openssh
SLE-10-SP3-TERADATA: openssh
SLE-11-SP2: openssh
Comment 2 Marcus Meissner 2014-03-19 09:31:15 UTC
planned for now.
Comment 3 Swamp Workflow Management 2014-03-19 23:00:17 UTC
bugbot adjusting priority
Comment 13 Swamp Workflow Management 2014-06-18 19:05:35 UTC
Update released for: openssh, openssh-askpass, openssh-askpass-gnome, openssh-askpass-gnome-debuginfo, openssh-debuginfo
Products:
SLE-DEBUGINFO 10-SP3-TERADATA (x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 14 Swamp Workflow Management 2014-06-18 21:48:39 UTC
Update released for: openssh, openssh-askpass, openssh-askpass-gnome, openssh-askpass-gnome-debuginfo, openssh-debuginfo, openssh-debugsource
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
Comment 15 Swamp Workflow Management 2014-06-19 01:05:03 UTC
SUSE-SU-2014:0818-1: An update that solves one vulnerability and has four fixes is now available.

Category: security (low)
Bug References: 826427,833605,847710,869101,870532
CVE References: CVE-2014-2532
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src): openssh-6.2p2-0.13.1, openssh-askpass-gnome-6.2p2-0.13.1
SUSE Linux Enterprise Server 11 SP3 (src): openssh-6.2p2-0.13.1, openssh-askpass-gnome-6.2p2-0.13.1
SUSE Linux Enterprise Desktop 11 SP3 (src): openssh-6.2p2-0.13.1, openssh-askpass-gnome-6.2p2-0.13.1
Comment 16 Marcus Meissner 2014-07-07 15:29:55 UTC
Regular updates released. No LTSS updates so far, will be rolled in later.
Comment 17 Leonardo Chiquitto 2014-08-12 23:24:23 UTC
*** Bug 890850 has been marked as a duplicate of this bug. ***
Comment 20 Swamp Workflow Management 2017-01-11 10:24:10 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2017-01-18.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63340