oval:org.mitre.oval:def:28406

Definition Id: oval:org.mitre.oval:def:28406

Oval ID:	oval:org.mitre.oval:def:28406
Title:	HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities
Description:	The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2013-4548	Version:	8
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX03188 HP-UX B.11.11 AND filesets tests Secure_Shell.SECURE_SHELL version is less than A.06.20.010 OR Criteria meets HP Security Bulletin HPSBUX03188 HP-UX B.11.23 AND filesets tests Secure_Shell.SECURE_SHELL version is less than A.06.20.011 AND Secure_Shell.SECSH-CMN version is less than A.06.20.011 OR Criteria meets HP Security Bulletin HPSBUX03188 HP-UX B.11.31 AND filesets tests Secure_Shell.SECURE_SHELL version is less than A.06.20.012 AND Secure_Shell.SECSH-CMN version is less than A.06.20.012