The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:06
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://advisories.mageia.org/MGASA-2014-0166.html - | |
| References | () http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc - | |
| References | () http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html - | |
| References | () http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html - | |
| References | () http://marc.info/?l=bugtraq&m=141576985122836&w=2 - | |
| References | () http://openwall.com/lists/oss-security/2014/03/26/7 - | |
| References | () http://rhn.redhat.com/errata/RHSA-2014-1552.html - | |
| References | () http://rhn.redhat.com/errata/RHSA-2015-0425.html - | |
| References | () http://secunia.com/advisories/59855 - | |
| References | () http://www.debian.org/security/2014/dsa-2894 - | |
| References | () http://www.mandriva.com/security/advisories?name=MDVSA-2014:068 - | |
| References | () http://www.mandriva.com/security/advisories?name=MDVSA-2015:095 - | |
| References | () http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html - | |
| References | () http://www.securityfocus.com/bid/66459 - | |
| References | () http://www.ubuntu.com/usn/USN-2164-1 - | |
| References | () https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513 - Exploit |
Information
Published : 2014-03-27 10:55
Updated : 2024-11-21 02:06
NVD link : CVE-2014-2653
Mitre link : CVE-2014-2653
CVE.ORG link : CVE-2014-2653
JSON object : View
Products Affected
openbsd
- openssh
CWE
CWE-20
Improper Input Validation