Upstream information
CVE-2013-4548 at MITRE
Description
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
SUSE information
CVSS v2 Scores
| | National Vulnerability Database |
| Base Score | 6.00 |
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Note from the SUSE Security Team
Our openssl version currently in SUSE Linux Enterprise Server 11 does not support AES-GCM, so openssh is built without this support. So SUSE Linux Enterprise Server 11 and older are not affected by this security issue. OpenSUSE 13.1 is affected by this problem. openSUSE 12.3 and older versions use older openssh versions without support for this cipher, and so are not affected.
SUSE Bugzilla entry:
849536 [RESOLVED / FIXED]
SUSE Security Advisories:
List of released packages
| Product(s) | Fixed package version(s) | References |
| openSUSE 13.1 |
openssh >= 6.2p2-3.4.1openssh-askpass-gnome >= 6.2p2-3.4.1openssh-askpass-gnome-debuginfo >= 6.2p2-3.4.1openssh-debuginfo >= 6.2p2-3.4.1openssh-debugsource >= 6.2p2-3.4.1 | Patchnames:
openSUSE-2013-875 |
