CVE-2014-1692 - OpenCVE

The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Openbsd	Openssh

Configuration 1 [-]

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

References

Link	Resource
http://marc.info/?l=bugtraq&m=141576985122836&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2	Third Party Advisory
http://openwall.com/lists/oss-security/2014/01/29/10	Mailing List Third Party Advisory
http://openwall.com/lists/oss-security/2014/01/29/2	Mailing List Third Party Advisory
http://osvdb.org/102611	Broken Link
http://secunia.com/advisories/60184	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1020637	Third Party Advisory
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9%3Br2=1.10%3Bf=h
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10	Vendor Advisory
http://www.securityfocus.com/bid/65230	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/90819	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2014-01-29T15:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2014-01-29T00:00:00

Link: CVE-2014-1692

JSON object: View

NVD Information

Status : Modified

Published: 2014-01-29T16:02:05.443

Modified: 2023-02-13T00:38:24.493

Link: CVE-2014-1692

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-29T00:00:00", "descriptions": [{"lang": "en", "value": "The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "HPSBMU03409", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"}, {"name": "HPSBUX03188", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"name": "SSRT101487", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9%3Br2=1.10%3Bf=h"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020637"}, {"name": "[oss-security] 20140128 OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/01/29/2"}, {"name": "102611", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/102611"}, {"name": "60184", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60184"}, {"name": "65230", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65230"}, {"name": "[oss-security] 20140129 Re: OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/01/29/10"}, {"name": "openssh-cve20141692-code-exec(90819)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90819"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-1692", "datePublished": "2014-01-29T15:00:00", "dateReserved": "2014-01-29T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "532A891C-B9DE-4E56-A8E1-6655F9BE8122", "versionEndIncluding": "6.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition."}, {"lang": "es", "value": "La funci\u00f3n hash_buffer en schnorr.c en OpenSSH hasta 6.4 cuando Makefile.inc se modifica para habilitar el protocolo J-PAKE, no inicializa ciertas estructuras de datos, lo que podr\u00eda permitir a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o tienen impacto no especificado a trav\u00e9s de vectores que provocan una condici\u00f3n de error."}], "id": "CVE-2014-1692", "lastModified": "2023-02-13T00:38:24.493", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-29T16:02:05.443", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2014/01/29/10"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2014/01/29/2"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://osvdb.org/102611"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60184"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1020637"}, {"source": "secalert@redhat.com", "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9%3Br2=1.10%3Bf=h"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/65230"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90819"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}