OpenSSH v6.2 / v6.3 Remote Memory Corruption Vulnerability
PVS ID: 8051 FAMILY: SSH RISK: MEDIUM NESSUS ID:Not Available
Description: Synopsis :\n\nThe remote SSH service may be affected by a memory corruption vulnerability that could allow an attacker to execute arbitrary code in the context of the authenticated user.\n\nVersions of OpenSSH server before 6.4 may contain a memory corruption vulnerability that exists in the post-authentication 'sshd' process when an AES-GCM cipher is selected during key exchange. This issue can be exploited to execute arbitrary code with the privileges of an authenticated user and bypass restricted shell/command configurations.

Solution: Upgrade to OpenSSH version 6.4 or later.

CVE-2013-4548


Copyright Tenable Network Security Inc. 2013