PT-2014-8920 · Openssh+2 · Openssh+2

Published

2014-12-06

Updated

2017-09-08

CVE-2014-9278

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions OpenSSH versions (affected versions not specified)

Description The issue concerns the OpenSSH server when running in a Kerberos environment, allowing remote authenticated users to log in as another user if they are listed in the .k5users file of that user. This could potentially bypass intended authentication requirements that would force a local login.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CESA-2015_0425

CVE-2014-9278

RHSA-2015:0425

RHSA-2015_0425

Affected Products

Centos

Openssh

Red Hat

PT-2014-8920 · Openssh+2 · Openssh+2

CVE-2014-9278

Weakness Enumeration

Related Identifiers

Affected Products

References · 29