FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSH -- Memory corruption in sshd

Affected packages
6.2.p2,1 <= openssh-portable < 6.4.p1,1
6.2.p2,1 <= openssh-portable-base < 6.4.p1,1


VuXML ID 5709d244-4873-11e3-8a46-000d601460a4
Discovery 2013-11-07
Entry 2013-11-08
Modified 2013-11-13

The OpenSSH development team reports:

A memory corruption vulnerability exists in the post- authentication sshd process when an AES-GCM cipher ( or is selected during kex exchange.

If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.

Either upgrade to 6.4 or disable AES-GCM in the server configuration. The following sshd_config option will disable AES-GCM while leaving other ciphers active:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc