BSA-2017-270

🗓️ 17 May 2017 00:00:00Reported by Broadcom Security ResponseType

broadcom🔗 support.broadcom.com👁 11 Views

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. Impacted Products: Brocade Services Director (Fixed in 2.4), Brocade SLX-OS (Fixed in 17R.2.0)

Reporter	Title	Published	Views	Family All 157
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Open SSL, OpenSSH and curl affect the Integrated Management Module II (IMM2)	31 Jan 201901:35	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in openssh affects IBM Flex System Manager (FSM): (CVE-2014-2653)	31 Jan 201901:30	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Open Secure Shell for GPFS V3.5 on Windows (CVE-2014-2653, CVE-2014-2532)	25 Jun 202116:46	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Open SSL, OpenSSH and curl affect the Integrated Management Module II (IMM2)	31 Jan 201901:55	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities affect IBM's Advanced Management Module (AMM)	14 Apr 202314:32	–	ibm
Tenable Nessus	OpenSSH < 6.7 Security Bypass	21 Aug 201900:00	–	nessus
Tenable Nessus	AIX OpenSSH Vulnerability : openssh_advisory4.asc	20 Jun 201400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : openssh (ALAS-2014-369)	12 Oct 201400:00	–	nessus
Tenable Nessus	CentOS 6 : openssh (CESA-2014:1552)	12 Nov 201400:00	–	nessus
Tenable Nessus	CentOS 7 : openssh (CESA-2015:0425)	18 Mar 201500:00	–	nessus

09 Sep 2017 06:47Current

6.9Medium risk

Vulners AI Score6.9

CVSS 25.8

CVSS 3.16.5

EPSS0.02148

SSVC