CVE-2014-9278

2014-12-0615:59:00

Debian Security Bug Tracker

security-tracker.debian.org

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

61.5%

JSON

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.

OSVersionArchitecturePackageVersionFilename
Debian12allopenssh< 1:9.2p1-2+deb12u2openssh_1:9.2p1-2+deb12u2_all.deb
Debian11allopenssh< 1:8.4p1-5+deb11u3openssh_1:8.4p1-5+deb11u3_all.deb
Debian10allopenssh< 1:7.9p1-10+deb10u2openssh_1:7.9p1-10+deb10u2_all.deb
Debian999allopenssh< 1:9.7p1-4openssh_1:9.7p1-4_all.deb
Debian13allopenssh< 1:9.6p1-4openssh_1:9.6p1-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	openssh	< 1:9.2p1-2+deb12u2	openssh_1:9.2p1-2+deb12u2_all.deb
Debian	11	all	openssh	< 1:8.4p1-5+deb11u3	openssh_1:8.4p1-5+deb11u3_all.deb
Debian	10	all	openssh	< 1:7.9p1-10+deb10u2	openssh_1:7.9p1-10+deb10u2_all.deb
Debian	999	all	openssh	< 1:9.7p1-4	openssh_1:9.7p1-4_all.deb
Debian	13	all	openssh	< 1:9.6p1-4	openssh_1:9.6p1-4_all.deb