6.5

CVE-2014-2653

Exploit
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenbsdOpenssh Version <= 6.6
OpenbsdOpenssh Version6.0
OpenbsdOpenssh Version6.1
OpenbsdOpenssh Version6.2
OpenbsdOpenssh Version6.3
OpenbsdOpenssh Version6.4
OpenbsdOpenssh Version6.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.99% 0.78
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 3.9 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://marc.info/?l=bugtraq&m=141576985122836&w=2
http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html
http://rhn.redhat.com/errata/RHSA-2014-1552.html
http://secunia.com/advisories/59855
http://www.debian.org/security/2014/dsa-2894
http://www.mandriva.com/security/advisories?name=MDVSA-2014:068
http://www.mandriva.com/security/advisories?name=MDVSA-2015:095
http://advisories.mageia.org/MGASA-2014-0166.html
http://openwall.com/lists/oss-security/2014/03/26/7
http://rhn.redhat.com/errata/RHSA-2015-0425.html
http://www.securityfocus.com/bid/66459
http://www.ubuntu.com/usn/USN-2164-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513
Exploit