Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2014-2532 | First vendor Publication | 2014-03-18 |
| Vendor | Cve | Last vendor Modification | 2018-07-19 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N | |||
|---|---|---|---|
| Overall CVSS Score | 4.9 | ||
| Base Score | 4.9 | Environmental Score | 4.9 |
| impact SubScore | 2.7 | Temporal Score | 4.9 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Network | Attack Complexity | High |
| Privileges Required | Low | User Interaction | None |
| Scope | Changed | Confidentiality Impact | Low |
| Integrity Impact | Low | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5.8 | Attack Range | Network |
| Cvss Impact Score | 4.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:24391 | |||
| Oval ID: | oval:org.mitre.oval:def:24391 | ||
| Title: | USN-2155-1 -- openssh vulnerability | ||
| Description: | OpenSSH incorrectly handled environment restrictions with wildcards. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2155-1 CVE-2014-2532 | Version: | 5 |
| Platform(s): | Ubuntu 13.10 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | openssh |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24888 | |||
| Oval ID: | oval:org.mitre.oval:def:24888 | ||
| Title: | AIX OpenSSH Vulnerability | ||
| Description: | sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-2532 | Version: | 4 |
| Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28386 | |||
| Oval ID: | oval:org.mitre.oval:def:28386 | ||
| Title: | HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities | ||
| Description: | sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2014-2532 | Version: | 8 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-06-15 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15780.nasl - Type : ACT_GATHER_INFO |
| 2016-03-22 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2016-0038.nasl - Type : ACT_GATHER_INFO |
| 2015-10-05 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_11.nasl - Type : ACT_GATHER_INFO |
| 2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-095.nasl - Type : ACT_GATHER_INFO |
| 2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1552.nasl - Type : ACT_GATHER_INFO |
| 2014-10-23 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141014_openssh_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2014-10-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1552.nasl - Type : ACT_GATHER_INFO |
| 2014-10-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1552.nasl - Type : ACT_GATHER_INFO |
| 2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-369.nasl - Type : ACT_GATHER_INFO |
| 2014-06-20 | Name : The remote AIX host has a vulnerable version of OpenSSH. File : aix_openssh_advisory4.nasl - Type : ACT_GATHER_INFO |
| 2014-06-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_openssh-140607.nasl - Type : ACT_GATHER_INFO |
| 2014-06-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_openssh-140606.nasl - Type : ACT_GATHER_INFO |
| 2014-06-10 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6569.nasl - Type : ACT_GATHER_INFO |
| 2014-05-22 | Name : The remote Fedora host is missing a security update. File : fedora_2014-6380.nasl - Type : ACT_GATHER_INFO |
| 2014-05-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201405-06.nasl - Type : ACT_GATHER_INFO |
| 2014-04-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-068.nasl - Type : ACT_GATHER_INFO |
| 2014-04-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2894.nasl - Type : ACT_GATHER_INFO |
| 2014-03-31 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-086-06.nasl - Type : ACT_GATHER_INFO |
| 2014-03-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2155-1.nasl - Type : ACT_GATHER_INFO |
| 2014-03-18 | Name : The SSH server on the remote host is affected by multiple vulnerabilities. File : openssh_66.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-02 01:27:06 |
|
| 2024-02-01 12:08:01 |
|
| 2023-09-05 12:25:40 |
|
| 2023-09-05 01:07:55 |
|
| 2023-09-02 12:25:39 |
|
| 2023-09-02 01:08:02 |
|
| 2023-08-12 12:27:56 |
|
| 2023-08-12 01:07:32 |
|
| 2023-08-11 12:23:48 |
|
| 2023-08-11 01:07:43 |
|
| 2023-08-06 12:23:08 |
|
| 2023-08-06 01:07:30 |
|
| 2023-08-04 12:23:10 |
|
| 2023-08-04 01:07:34 |
|
| 2023-07-14 12:23:09 |
|
| 2023-07-14 01:07:33 |
|
| 2023-03-29 01:25:01 |
|
| 2023-03-28 12:07:54 |
|
| 2022-10-11 12:20:54 |
|
| 2022-10-11 01:07:42 |
|
| 2022-08-05 12:18:24 |
|
| 2021-05-04 12:31:03 |
|
| 2021-04-22 01:37:33 |
|
| 2020-07-25 12:10:24 |
|
| 2020-05-23 01:51:43 |
|
| 2020-05-23 00:40:35 |
|
| 2019-10-09 01:06:29 |
|
| 2018-07-19 09:19:07 |
|
| 2017-08-29 09:24:29 |
|
| 2017-01-07 09:25:29 |
|
| 2016-10-26 09:22:42 |
|
| 2016-06-16 13:28:32 |
|
| 2016-04-27 09:32:17 |
|
| 2016-04-22 09:25:16 |
|
| 2016-03-23 13:26:11 |
|
| 2015-10-10 09:22:37 |
|
| 2015-10-07 13:24:24 |
|
| 2015-04-02 09:25:52 |
|
| 2015-03-31 13:28:22 |
|
| 2014-12-03 09:26:51 |
|
| 2014-11-14 13:27:46 |
|
| 2014-11-13 13:26:59 |
|
| 2014-10-24 13:25:29 |
|
| 2014-10-18 13:25:59 |
|
| 2014-10-16 13:25:20 |
|
| 2014-10-12 13:27:16 |
|
| 2014-06-26 09:24:45 |
|
| 2014-06-21 13:28:49 |
|
| 2014-06-20 13:24:47 |
|
| 2014-06-18 09:24:22 |
|
| 2014-06-11 13:24:34 |
|
| 2014-05-23 13:23:55 |
|
| 2014-05-13 13:25:14 |
|
| 2014-04-19 13:24:56 |
|
| 2014-04-11 13:22:03 |
|
| 2014-04-08 13:22:34 |
|
| 2014-04-01 14:41:35 |
|
| 2014-04-01 14:39:29 |
|
| 2014-03-27 13:21:37 |
|
| 2014-03-26 13:23:32 |
|
| 2014-03-25 21:22:00 |
|
| 2014-03-19 13:22:48 |
|
| 2014-03-19 13:21:31 |
|
| 2014-03-18 13:24:30 |
|
