BSA-2017-253
21493
08 September 2017
02 May 2017
Closed
Low
2.1
N/A
CVE-2014-2532
Summary
Security Advisory ID : BSA-2017-253
Component : OpenSSH
Revision : 2.0: Interim
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
Affected Products
| Product | Current Assessment |
|---|---|
| Brocade 5400 vRouter | Impacted: Fixed in 6.7R13. |
| Brocade Fabric OS | Impacted: Fixed in 8.0.1 and 7.4.1d. |
| Brocade Services Director | Impacted: Fixed in 2.4. |
Products Confirmed Not Vulnerable
Brocade 5600 vRouter, Brocade FastIron OS, Brocade NetIron OS, Brocade Network Advisor, Brocade ServerIron ADX, Brocade Services Director, Brocade SLX-OS, Brocade Virtual ADX, Brocade Virtual Traffic Manager, and Brocade Virtual Web Application Firewall are confirmed not affected by this vulnerability.
Workaround
There are no workarounds that address this vulnerability.
Revision History
| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | May 2, 2017 |
| 2.0 | Updated to address FOS | September 8, 2017 |