FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
5709d244-4873-11e3-8a46-000d601460a4OpenSSH -- Memory corruption in sshd

The OpenSSH development team reports:

A memory corruption vulnerability exists in the post- authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during kex exchange.

If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.

Either upgrade to 6.4 or disable AES-GCM in the server configuration. The following sshd_config option will disable AES-GCM while leaving other ciphers active:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc


Discovery 2013-11-07
Entry 2013-11-08
Modified 2013-11-13
openssh-portable
ge 6.2.p2,1 lt 6.4.p1,1

openssh-portable-base
ge 6.2.p2,1 lt 6.4.p1,1

http://www.openssh.com/txt/gcmrekey.adv