Lucene search

K

[email protected]NVD:CVE-2014-9278

HistoryDec 06, 2014 - 3:59 p.m.

CVE-2014-9278

2014-12-0615:59:07

CWE-287

[email protected]

web.nvd.nist.gov

3

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

64.8%

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.

Affected configurations

Nvd

Node

openbsdopensshMatch-

AND

redhatenterprise_linuxMatch7.0

OR

redhatfedoraMatch7

References

rhn.redhat.com/errata/RHSA-2015-0425.html

thread.gmane.org/gmane.comp.encryption.kerberos.general/15855

www.openwall.com/lists/oss-security/2014/12/02/3

www.openwall.com/lists/oss-security/2014/12/04/17

www.securityfocus.com/bid/71420

bugzilla.mindrot.org/show_bug.cgi?id=1867

bugzilla.redhat.com/show_bug.cgi?id=1169843

exchange.xforce.ibmcloud.com/vulnerabilities/99090

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

64.8%

Related for NVD:CVE-2014-9278

prion1 cvelist1 f52 debiancve1 ubuntucve1 cve1 nessus5 redhat1 openvas4 fedora2 centos1 oraclelinux1 symantec1