ALAS-2014-369 ---- openssh, pam_ssh_agent_authID: oval:org.secpod.oval:def:1600060 | Date: (C)2016-01-07 (M)2024-02-19 |
Class: PATCH | Family: unix |
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
Platform: |
Amazon Linux AMI |
Product: |
openssh |
pam_ssh_agent_auth |