Back to search
CVE-2014-2532
Published: Mar 18, 2014
Modified: May 28, 2026
PUBLISHED
Description
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
x_refsource_CONFIRM
59855
third-party-advisory
x_refsource_SECUNIA
57574
third-party-advisory
x_refsource_SECUNIA
http://advisories.mageia.org/MGASA-2014-0143.html
x_refsource_CONFIRM
APPLE-SA-2015-09-30-3
vendor-advisory
x_refsource_APPLE
HPSBUX03188
vendor-advisory
x_refsource_HP
SSRT101487
vendor-advisory
x_refsource_HP
57488
third-party-advisory
x_refsource_SECUNIA
MDVSA-2015:095
vendor-advisory
x_refsource_MANDRIVA
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
x_refsource_CONFIRM
59313
third-party-advisory
x_refsource_SECUNIA
https://support.apple.com/HT205267
x_refsource_CONFIRM
FEDORA-2014-6380
vendor-advisory
x_refsource_FEDORA
DSA-2894
vendor-advisory
x_refsource_DEBIAN
RHSA-2014:1552
vendor-advisory
x_refsource_REDHAT
http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc
x_refsource_CONFIRM
1029925
vdb-entry
x_refsource_SECTRACK
[security-announce] 20140315 Announce: OpenSSH 6.6 released
mailing-list
x_refsource_MLIST
USN-2155-1
vendor-advisory
x_refsource_UBUNTU
FEDORA-2014-6569
vendor-advisory
x_refsource_FEDORA
openssh-cve20142532-sec-bypass(91986)
vdb-entry
x_refsource_XF
MDVSA-2014:068
vendor-advisory
x_refsource_MANDRIVA
66355
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now