CVE-2014-2532 openssh: AcceptEnv environment restriction bypass flaw

CVE ID

CVE-2014-2532

DESCRIPTION

It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions.

RESOLUTION

  • CentOS6 Unitrends' appliances (physical and/or virtual), fixed in Unitrends software release-10.3.8-4. Please upgrade to latest version.
  • CentOS7 Unitrends' appliances (physical and/or virtual) are not affected by this CVE.

LINK TO ADVISORIES

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section