Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-9278

Опубликовано: 03 окт. 2014
Источник: redhat
CVSS2: 4.9
EPSS Низкий

Описание

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.

It was found that when OpenSSH was used in a Kerberos environment, remote authenticated users were allowed to log in as a different user if they were listed in the ~/.k5users file of that user, potentially bypassing intended authentication restrictions.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5opensshNot affected
Red Hat Enterprise Linux 6opensshNot affected
Red Hat Enterprise Linux 7opensshFixedRHSA-2015:042505.03.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1169843openssh: ~/.k5users unexpectedly grants remote login

EPSS

Процентиль: 57%
0.00351
Низкий

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-9278

ubuntu
больше 10 лет назад

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.

nvd логотип

CVE-2014-9278

nvd
больше 10 лет назад

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.

debian логотип

CVE-2014-9278

debian
больше 10 лет назад

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 a ...

github логотип

GHSA-q38j-wxrx-r48r

github
больше 3 лет назад

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.

oracle-oval логотип

ELSA-2015-0425

oracle-oval
больше 10 лет назад

ELSA-2015-0425: openssh security, bug fix and enhancement update (MODERATE)

EPSS

Процентиль: 57%
0.00351
Низкий

4.9 Medium

CVSS2