CVE-2013-4548
Published: 2013-11-08
Priority: P4 · 30 · medium
CVSS 2.0: 6 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
EPSS: 2.67% (83.9th percentile)
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:6.4p1-1 (bookworm) | openssh 1:6.4p1-1 (bookworm) |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | >= 0 < 1:6.4p1-1 | 1:6.4p1-1 |
| openbsd | openssh | >= 0 < 1:6.4p1-1 | 1:6.4p1-1 |
| openbsd | openssh | >= 0 < 1:6.4p1-1 | 1:6.4p1-1 |
| openbsd | openssh | >= 0 < 1:6.4p1-1 | 1:6.4p1-1 |
CVSS provenance
nvd: v2.0, 6.0 MEDIUM, AV:N/AC:M/Au:S/C:P/I:P/A:P
osv: 6.0 MEDIUM
vendor_debian: 6.0 MEDIUM
vendor_redhat: 6.0 MEDIUM
BSD
FreeBSD-SA-13:14.openssh: OpenSSH AES-GCM memory corruption vulnerability
bsd_advisories·2013-11-19·CVSS 6.0
CVE-2013-4548 [MEDIUM] FreeBSD-SA-13:14.openssh: OpenSSH AES-GCM memory corruption vulnerability
FreeBSD-SA-13:14.openssh Security Advisory
The FreeBSD Project
Topic: OpenSSH AES-GCM memory corruption vulnerability
Category: contrib
Module: openssh
Announced: 2013-11-19
Revised: 2013-11-28
Affects: FreeBSD 10.0-BETA
Corrected: 2013-11-19 09:35:20 UTC (stable/10, 10.0-STABLE)
2013-11-19 09:35:20 UTC (stable/10, 10.0-BETA3-p1)
2013-11-19 09:35:20 UTC (stable/10, 10.0-BETA2-p1)
2013-11-19 09:35:20 UTC (stable/10, 10.0-BETA1-p2)
CVE Name: CVE-2013-4548
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
0. Revision History
v1.0 2013-11-19 Initial release.
v1.1 2013-11-28 Corrected path to sshd_config.
I. Background
OpenSSH is an implementation of the SSH protocol sui
Ubuntu
OpenSSH vulnerability
vendor_ubuntu·2013-11-08
CVE-2013-4548 OpenSSH vulnerability
Title: OpenSSH vulnerability
Summary: OpenSSH could be made to run programs if it received specially crafted
network traffic from an authenticated user.
Markus Friedl discovered that OpenSSH incorrectly handled memory when the
AES-GCM cipher was used. A remote authenticated attacker could use this
issue to execute arbitrary code as their user, possibly bypassing
shell or command restrictions.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
openssh: post-auth memory corruption when using AES-GCM cipher
vendor_redhat·2013-11-07·CVSS 6.0
CVE-2013-4548 [MEDIUM] openssh: post-auth memory corruption when using AES-GCM cipher
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
Statement: Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for AES-GCM cipher suites.
Package: openssh (Red Hat Enterprise Linux 5) - Not affected
Package: openssh (Red Hat Enterprise Linux 6) - Not affected
Package: openssh (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2013-4548: openssh - The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6...
vendor_debian·2013·CVSS 6.0
CVE-2013-4548 [MEDIUM] CVE-2013-4548: openssh - The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6...
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
Scope: local
bookworm: resolved (fixed in 1:6.4p1-1)
bullseye: resolved (fixed in 1:6.4p1-1)
forky: resolved (fixed in 1:6.4p1-1)
sid: resolved (fixed in 1:6.4p1-1)
trixie: resolved (fixed in 1:6.4p1-1)
GHSA
GHSA-wg6r-5vgg-89fv: The mm_newkeys_from_blob function in monitor_wrap
ghsa_unreviewed·2022-05-13
CVE-2013-4548 [MEDIUM] GHSA-wg6r-5vgg-89fv: The mm_newkeys_from_blob function in monitor_wrap
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
OSV
CVE-2013-4548: The mm_newkeys_from_blob function in monitor_wrap
osv·2013-11-08·CVSS 6.0
CVE-2013-4548 [MEDIUM] CVE-2013-4548: The mm_newkeys_from_blob function in monitor_wrap
The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.
No detection rules found.
No public exploits indexed.
References
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00017.html
http://marc.info/?l=bugtraq&m=141576985122836&w=2
http://openwall.com/lists/oss-security/2013/11/08/3
http://www.openssh.com/txt/gcmrekey.adv
http://www.ubuntu.com/usn/USN-2014-1