It was found that OpenSSH did not properly handle certain AcceptEnv parameter values with wildcard characters. A remote attacker could use this flaw to bypass intended environment variable restrictions.
- CentOS6 Unitrends' appliances (physical and/or virtual), fixed in Unitrends software release-10.3.8-4. Please upgrade to latest version.
- CentOS7 Unitrends' appliances (physical and/or virtual) are not affected by this CVE.