Lucene search

K

RedhatCVELIST:CVE-2014-9278

HistoryDec 06, 2014 - 3:00 p.m.

CVE-2014-9278

2014-12-0615:00:00

redhat

www.cve.org

7

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

64.8%

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.

References

rhn.redhat.com/errata/RHSA-2015-0425.html

thread.gmane.org/gmane.comp.encryption.kerberos.general/15855

www.openwall.com/lists/oss-security/2014/12/02/3

www.openwall.com/lists/oss-security/2014/12/04/17

www.securityfocus.com/bid/71420

bugzilla.mindrot.org/show_bug.cgi?id=1867

bugzilla.redhat.com/show_bug.cgi?id=1169843

exchange.xforce.ibmcloud.com/vulnerabilities/99090

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

64.8%

Related for CVELIST:CVE-2014-9278

prion1 nvd1 f52 debiancve1 ubuntucve1 cve1 nessus5 redhat1 openvas4 fedora2 centos1 oraclelinux1 symantec1