PT-2014-1797 · Openssh+6
Matthew Vernon · Published 2014-03-18 · Updated 2026-05-28 · CVE-2014-2653
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
OpenSSH versions 6.6 and earlier
Description
A remote server can cause the OpenSSH client to skip SSHFP DNS resource record (RR) checking by presenting an unacceptable HostCertificate. This can lead to a bypass of security restrictions. The vulnerability can be exploited remotely and may result in the disruption of confidentiality and integrity of protected information.
Recommendations
For OpenSSH versions 6.6 and earlier, update to a version later than 6.6 to resolve the issue. As a temporary workaround, consider disabling the verify host key function until a patch is available. Restrict access to the SSH service to minimize the risk of exploitation. Avoid using the HostCertificate in the SSH connection process until the issue is resolved.
Affected Products
ALT Linux
CentOS
HP-UX
IBM AIX
OpenSSH
Red Hat
SUSE