Security Bulletin
Summary
Security vulnerabilities have been discovered in OpenSSH.
Vulnerability Details
CVE-ID:
CVE-2013-4548
DESCRIPTION: A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during key exchange.
CVSS Base Score: 6.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88624
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Warning: We strongly encourage you to take action as soon as possible as potential implications to your environment may be more serious than indicated by the CVSS score.
Affected Products and Versions
Products: ABYP-0T-0S-4L-P, ABYP-0T-0S-4L-P-M, ABYP-0T-2S-2L-P, ABYP-0T-2S-2L-P-M, ABYP-0T-4S-0L-P, ABYP-0T-4S-0L-P-M, ABYP-10G-2SR-2LR-1-P, ABYP-10G-2SR-2LR-1-P-M, ABYP-10G-4LR-1-P, ABYP-10G-4LR-1-P-M, ABYP-10G-4SR-1-P, ABYP-10G-4SR-1-P-M, ABYP-2T-0S-2L-P, ABYP-2T-0S-2L-P-M, ABYP-2T-1S-1L-P, ABYP-2T-1S-1L-P-M, ABYP-2T-2S-0L-P, ABYP-2T-2S-0L-P-M, ABYP-4T-0S-0L-P, ABYP-4T-0S-0L-P-M, ABYP-4TL-P, ABYP-4TL-P-M, ABYP-4TS-P, ABYP-4TS-P-M
Firmware versions: 3.4-23
Remediation/Fixes
The following IBM Threat Updates have the fixes for these vulnerabilities:
Product | Version | Remediation/First Fix |
IBM Security Proventia Network Active Bypass | 1G – 3.4-23 | Proventia 1G NAB Update 11 (fw3.9-34) |
IBM Security Proventia Network Active Bypass | 10G - 3.4-23 | Proventia 10G NAB Update 8 (fw3.9-34) |
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21670575