PT-2014-8920 · Openssh+2 · Openssh+2

Publicado

2014-12-06

Atualizado

2017-09-08

CVE-2014-9278

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions OpenSSH versions (affected versions not specified)

Description The issue concerns the OpenSSH server when running in a Kerberos environment, allowing remote authenticated users to log in as another user if they are listed in the .k5users file of that user. This could potentially bypass intended authentication requirements that would force a local login.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CESA-2015_0425

CVE-2014-9278

RHSA-2015:0425

RHSA-2015_0425

Produtos afetados

Centos

Openssh

Red Hat

PT-2014-8920 · Openssh+2 · Openssh+2

CVE-2014-9278

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 29