Lucene search

K

RedhatCVELIST:CVE-2014-9278

HistoryDec 06, 2014 - 3:00 p.m.

CVE-2014-9278

2014-12-0615:00:00

redhat

www.cve.org

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.

References

rhn.redhat.com/errata/RHSA-2015-0425.html

thread.gmane.org/gmane.comp.encryption.kerberos.general/15855

www.openwall.com/lists/oss-security/2014/12/02/3

www.openwall.com/lists/oss-security/2014/12/04/17

www.securityfocus.com/bid/71420

bugzilla.mindrot.org/show_bug.cgi?id=1867

bugzilla.redhat.com/show_bug.cgi?id=1169843

exchange.xforce.ibmcloud.com/vulnerabilities/99090

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.0%

Related for CVELIST:CVE-2014-9278

f52 ubuntucve1 debiancve1 prion1 nvd1 cve1 fedora2 openvas4 redhat1 nessus5 oraclelinux1 centos1 symantec1