Bug 849536 - (CVE-2013-4548) VUL-0: CVE-2013-4548: openssh: memory corruption in post-authentication session allow code execution
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Major
Assigned To: Petr Cerny
Security Team bot
Reported: 2013-11-08 09:37 UTC by Victor Pereira
Modified: 2016-08-31 04:24 UTC (History)
Found By: Security Response Team
Description Victor Pereira 2013-11-08 09:37:34 UTC

A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during kex exchange.

If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.

Comment 1 Swamp Workflow Management 2013-11-08 09:40:00 UTC
The SWAMPID for this issue is 55036.
This issue was rated as important.
Please submit fixed packages until 2013-11-15.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 2 Marcus Meissner 2013-11-08 10:56:38 UTC
This has a precondition that AES-GCM is supported by openssl.

Our openssl version currently in SUSE Linux Enterprise Server 11 does not support AES-GCM, so openssh is built without this support.

So SUSE Linux Enterprise Server 11 and older are not affected by this security issue.

In buildlog:
[   70s] checking whether OpenSSL has AES GCM via EVP... no

openSUSE 13.1 is affected by this problem.

openSUSE 12.3 and older versions use older openssh versions without support for this cipher.
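
A defender-side check of the precondition from the description and Comment 2, as an added example that is not part of the bug report or of openssh: it reports whether sshd configuration text lists either AES-GCM cipher named above. The function name, exit codes and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: does an sshd configuration list the AES-GCM ciphers from this bug?
# Input is configuration text: `sshd -T` output or the contents of sshd_config.

# Cipher names as given in the bug description.
GCM_CIPHERS="aes128-gcm@openssh.com aes256-gcm@openssh.com"

# gcm_ciphers_in_config CONFIG_TEXT
#   exit 0: an AES-GCM cipher is listed (names printed, space separated)
#   exit 1: a plain ciphers list exists and contains no AES-GCM cipher
#   exit 2: no ciphers line, or a +/-/^ modifier list; the effective list then
#           depends on the build's defaults and the text alone cannot decide
gcm_ciphers_in_config() {
    # The keyword is case-insensitive; commented-out lines start with "#" and
    # never match. The first matching line wins.
    list=$(printf '%s\n' "$1" |
        awk 'tolower($1) == "ciphers" { print $2; exit }' | tr ',' ' ')
    [ -n "$list" ] || return 2
    case $list in [+^-]*) return 2 ;; esac
    found=""
    for c in $list; do
        case " $GCM_CIPHERS " in
            *" $c "*) found="${found:+$found }$c" ;;
        esac
    done
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Constructed sample inputs (not taken from any real host).
SAMPLE_GCM='port 22
ciphers aes128-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs hmac-sha1'
SAMPLE_NO_GCM='Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr'
SAMPLE_DEFAULT='Port 22
#Ciphers aes128-gcm@openssh.com
PermitRootLogin no'

for name in SAMPLE_GCM SAMPLE_NO_GCM SAMPLE_DEFAULT; do
    eval "text=\$$name"
    out=$(gcm_ciphers_in_config "$text") && rc=0 || rc=$?
    echo "$name: rc=$rc $out"
done
```

On a real host the input would be the output of `sshd -T`; exit code 2 means the package's build (as in the buildlog line above) decides whether the cipher is available.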
Comment 3 Bernhard Wiedemann 2013-11-08 19:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (849536) was mentioned in
https://build.opensuse.org/request/show/206335 13.1 / openssh
Comment 4 Swamp Workflow Management 2013-11-08 23:00:13 UTC
bugbot adjusting priority
Comment 5 Benjamin Brunner 2013-11-18 11:08:19 UTC
Update released for openSUSE 13.1. Resolved fixed.
Comment 6 Swamp Workflow Management 2013-11-18 12:06:09 UTC
openSUSE-SU-2013:1726-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 849536
CVE References: CVE-2013-4548
Sources used:
openSUSE 13.1 (src):    openssh-6.2p2-3.4.1, openssh-askpass-gnome-6.2p2-3.4.1
Comment 7 Bernhard Wiedemann 2013-11-23 03:00:12 UTC
This is an autogenerated message for OBS integration:
This bug (849536) was mentioned in
https://build.opensuse.org/request/show/207991 Factory / openssh