'sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.'
This issue has been resolved in patches applied to ClearOS 6.x. Ensure that you are up to date by running the following from the command line:
If you are having trouble updating your system, please contact support.
This issue has been resolved in backported fixes to ClearOS 6.x. This issue will not be fixed in ClearOS 5. Whether this affects ClearOS 7.x is unknown at this time.
This issue is fixed in the current version of ClearOS but may show up as a false positive on scanners that check only version numbers. ClearOS backports fixes into prior version numbers in order to provide longevity and interoperability in its software. If the system is up to date, this backport fix has been applied in the following versions:
To confirm that your running version is the same or later, run the following from the command line:
rpm -qi openssh
This shows the installed version of the first package that was affected and fixed in ClearOS. You can apply the same method to the other packages. For example:
rpm -qi openssh-server
Run the following from the command line:
Once the system is up to date, reply to those reporting this issue that the fixes have been backported into the existing version number.
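The flaw described above only matters where sshd_config actually uses wildcards on AcceptEnv lines, so on a system that cannot be updated (ClearOS 5 will not receive the fix) it helps to know which lines those are. The following is an added example, not part of the original advisory or of ClearOS: the function name, the sample configuration and its variable names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list every AcceptEnv pattern in an sshd_config file that
# contains a wildcard character ('*' or '?'), with its line number.

acceptenv_wildcards() {
    # $1 = path to an sshd_config file
    awk '
        /^[ \t]*#/ { next }        # skip comment lines
        { sub(/=/, " ") }          # accept the "Keyword=value" form as well
        tolower($1) == "acceptenv" {   # keywords are case-insensitive
            for (i = 2; i <= NF; i++)  # several patterns may share one line
                if ($i ~ /[*?]/)
                    print NR ": " $i
        }
    ' "$1"
}

# Constructed sample configuration (not taken from a real system).
sample_config() {
    cat <<'EOF'
# Constructed sample sshd_config
Port 22
AcceptEnv LANG LC_*
#AcceptEnv DEBUG_*
acceptenv XMODIFIERS
Match User deploy
    AcceptEnv GIT_? BUILD_ID
EOF
}

# Usage on a live system:
#   acceptenv_wildcards /etc/ssh/sshd_config
```

Each reported pattern is a line to review: on an unpatched sshd, replacing the wildcard with the explicit variable names that clients need removes the exposure the advisory describes.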