
CVE-2014-2653
Date: (C)2014-04-23   (M)2024-02-22


The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-59855
BID-66459
DSA-2894
FEDORA-2014-6380
FEDORA-2014-6569
MDVSA-2014:068
MDVSA-2015:095
RHSA-2014:1552
RHSA-2015:0425
SSRT101487
USN-2164-1
http://openwall.com/lists/oss-security/2014/03/26/7
http://advisories.mageia.org/MGASA-2014-0166.html
http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513

CPE    7
cpe:/a:openbsd:openssh:6.0
cpe:/a:openbsd:openssh:6.2
cpe:/a:openbsd:openssh:6.1
cpe:/a:openbsd:openssh:6.4
...
CWE    1
CWE-20
OVAL    12
oval:org.secpod.oval:def:1500925
oval:org.secpod.oval:def:204194
oval:org.secpod.oval:def:30042
oval:org.secpod.oval:def:701631
...

© SecPod Technologies