Lucene search

K
cveRedhatCVE-2014-9278
HistoryDec 06, 2014 - 3:59 p.m.

CVE-2014-9278

2014-12-0615:59:07
CWE-287
redhat
web.nvd.nist.gov
3039
openssh
server
vulnerability
remote users
kerberos
authentication

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

64.8%

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.

Affected configurations

Nvd
Node
openbsdopensshMatch-
AND
redhatenterprise_linuxMatch7.0
OR
redhatfedoraMatch7
VendorProductVersionCPE
openbsdopenssh-cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
redhatfedora7cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

64.8%