PRIOn knowledge basePRION:CVE-2014-2653Code injection
6.9 Medium
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.007 Low
EPSS
Percentile
80.2%
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
References
advisories.mageia.org/MGASA-2014-0166.html
aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc
openwall.com/lists/oss-security/2014/03/26/7
rhn.redhat.com/errata/RHSA-2014-1552.html
rhn.redhat.com/errata/RHSA-2015-0425.html
secunia.com/advisories/59855
www.debian.org/security/2014/dsa-2894
www.mandriva.com/security/advisories?name=MDVSA-2014:068
www.mandriva.com/security/advisories?name=MDVSA-2015:095
www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
www.securityfocus.com/bid/66459
www.ubuntu.com/usn/USN-2164-1
bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513
lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html
lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html
marc.info/?l=bugtraq&m=141576985122836&w=2
Related
6.9 Medium
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.007 Low
EPSS
Percentile
80.2%