OpenSSH 6.2 / 6.3 Remote Memory Corruption Vulnerability
PVS ID: 8050
FAMILY: SSH
RISK: MEDIUM
NESSUS ID: Not Available
Description: Synopsis:

The remote SSH service may be affected by a memory corruption vulnerability that could allow an attacker to execute arbitrary code in the context of the authenticated user.

Versions of OpenSSH server before 6.4 may contain a memory corruption vulnerability that exists in the post-authentication 'sshd' process when an AES-GCM cipher is selected during key exchange. This issue can be exploited to execute arbitrary code with the privileges of an authenticated user and bypass restricted shell/command configurations.

For your information, the observed version of OpenSSH installed on the remote host is:
%L

Solution: Upgrade to OpenSSH version 6.4 or later.

CVE-2013-4548


Copyright Tenable Network Security Inc. 2013