OpenSSH 6.2 and 6.3 AES-GCM Cipher Memory Corruption
Severity: High
Nessus Plugin ID: 70895
Synopsis
The SSH server on the remote host is affected by a memory corruption vulnerability.

Description
According to its banner, the version of OpenSSH running on the remote host is version 6.2 or 6.3. It is, therefore, affected by a memory corruption vulnerability in post-authentication when the AES-GCM cipher is used for the key exchange. Exploitation of this vulnerability could lead to arbitrary code execution.
Note that installations are only vulnerable if built against an OpenSSL library that supports AES-GCM.

Solution
Upgrade to OpenSSH 6.4 or refer to the vendor for a patch or workaround.
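
The banner-based check in the Description can be reproduced over an inventory of collected SSH banners. The following is an added example, not the plugin's own code: the function names, status strings and sample banners are assumptions made for illustration.

```python
import re

# SSH identification string (RFC 4253, section 4.2):
#   SSH-protoversion-softwareversion SP comments CR LF
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-OpenSSH_(\d+)\.(\d+)(\S*)(?: (.*))?$")

# Versions the description above names as affected.
AFFECTED = {(6, 2), (6, 3)}


def assess(banner):
    """Classify one SSH banner by version only, as the description does."""
    if isinstance(banner, bytes):
        banner = banner.decode("ascii", errors="replace")
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return "unparsed"  # not OpenSSH, or the banner is hidden or altered
    _proto, major, minor, _suffix, comment = m.groups()
    if (int(major), int(minor)) not in AFFECTED:
        return "not flagged"
    # A distribution comment means the package may carry a vendor patch
    # without a version bump, so the banner alone cannot confirm exposure.
    return "flagged, check vendor patch level" if comment else "flagged"


def triage(inventory):
    """Map host -> status for a dict of host -> banner."""
    return {host: assess(b) for host, b in inventory.items()}


# Constructed sample banners (not taken from real hosts).
SAMPLE = {
    "host-a": b"SSH-2.0-OpenSSH_6.2\r\n",
    "host-b": "SSH-2.0-OpenSSH_6.3p1 Debian-1",
    "host-c": "SSH-2.0-OpenSSH_6.4",
    "host-d": "SSH-2.0-OpenSSH_6.1p1",
    "host-e": "SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2",
    "host-f": "SSH-2.0-dropbear_2013.58",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A "flagged" result only means the banner matches 6.2 or 6.3. Whether the build is linked against an OpenSSL library with AES-GCM support, as the note above requires, cannot be read from the banner and has to be checked on the host.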