BSA-2017-254

Brocade Fabric OS

21332

18 July 2019

02 May 2017

Closed

Medium

6.4

N/A

CVE-2013-4548

Summary

Security Advisory ID : BSA-2017-254

Component : OpenSSH

Revision : 2.0: Final

The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.

Affected Products

Brocade Fabric OS - Fixed in v.8.0.0 and v.7.4.1b

Products Confirmed Not Vulnerable

No other Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.

Workaround

There are no workarounds that address this vulnerability.

Revision History

| Version | Change | Date |
|---|---|---|
| 1.0 | Initial Publication | May 2, 2017 |
| 2.0 | Updated fix and removed all other products to keep Brocade Fibre Channel only. | July 18, 2019 |