icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons

OpenSSH v6.2 / v6.3 Remote Memory Corruption Vulnerability

Medium

Synopsis

The remote SSH service may be affected by a memory corruption vulnerability that could allow an attacker to execute arbitrary code in the context of the authenticated user.

Description

Versions of OpenSSH server before 6.4 may contain a memory corruption vulnerability that exists in the post-authentication 'sshd' process when an AES-GCM cipher is selected during key exchange. This issue can be exploited to execute arbitrary code with the privileges of an authenticated user and bypass restricted shell/command configurations.

Solution

Upgrade to OpenSSH version 6.4 or later.