openssh

Page content
  • Author: kikadf
  • Vulnerable: 6.1p1-1
  • Unaffected: 6.1p1-2arcturus1

Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to trick OpenSSH into accepting any environment variable that contains the characters before the wildcard character. Matthew Vernon reported that if a SSH server offers a HostCertificate that the ssh client doesn’t accept, then the client doesn’t check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a certificate.

CVEs: