CVE-2014-2653 - OpenCVE

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Openbsd	Openssh

Configuration 1 [-]

OR	cpe:2.3:a:openbsd:openssh::::::::
	cpe:2.3:a:openbsd:openssh:6.0:::::::*
	cpe:2.3:a:openbsd:openssh:6.1:::::::*
	cpe:2.3:a:openbsd:openssh:6.2:::::::*
	cpe:2.3:a:openbsd:openssh:6.3:::::::*
	cpe:2.3:a:openbsd:openssh:6.4:::::::*
	cpe:2.3:a:openbsd:openssh:6.5:::::::*

References

Link	Resource
http://advisories.mageia.org/MGASA-2014-0166.html
http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html
http://marc.info/?l=bugtraq&m=141576985122836&w=2
http://openwall.com/lists/oss-security/2014/03/26/7
http://rhn.redhat.com/errata/RHSA-2014-1552.html
http://rhn.redhat.com/errata/RHSA-2015-0425.html
http://secunia.com/advisories/59855
http://www.debian.org/security/2014/dsa-2894
http://www.mandriva.com/security/advisories?name=MDVSA-2014:068
http://www.mandriva.com/security/advisories?name=MDVSA-2015:095
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.securityfocus.com/bid/66459
http://www.ubuntu.com/usn/USN-2164-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513	Exploit

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-03-27T10:00:00

Updated: 2017-01-04T20:57:01

Reserved: 2014-03-26T00:00:00

Link: CVE-2014-2653

JSON object: View

NVD Information

Status : Modified

Published: 2014-03-27T10:55:04.513

Modified: 2017-01-07T02:59:49.407

Link: CVE-2014-2653

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-24T00:00:00", "descriptions": [{"lang": "en", "value": "The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-04T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-2164-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2164-1"}, {"name": "59855", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59855"}, {"name": "RHSA-2015:0425", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0166.html"}, {"name": "HPSBUX03188", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"name": "SSRT101487", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"name": "66459", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/66459"}, {"name": "MDVSA-2015:095", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"}, {"name": "[oss-security] 20140326 CVE request: openssh client does not check SSHFP if server offers certificate", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/03/26/7"}, {"name": "FEDORA-2014-6380", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"}, {"name": "DSA-2894", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2894"}, {"name": "RHSA-2014:1552", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513"}, {"name": "FEDORA-2014-6569", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"}, {"name": "MDVSA-2014:068", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2653", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-2164-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2164-1"}, {"name": "59855", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59855"}, {"name": "RHSA-2015:0425", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"}, {"name": "http://advisories.mageia.org/MGASA-2014-0166.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0166.html"}, {"name": "HPSBUX03188", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"name": "SSRT101487", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"name": "66459", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66459"}, {"name": "MDVSA-2015:095", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"}, {"name": "[oss-security] 20140326 CVE request: openssh client does not check SSHFP if server offers certificate", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/03/26/7"}, {"name": "FEDORA-2014-6380", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"}, {"name": "DSA-2894", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2894"}, {"name": "RHSA-2014:1552", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"}, {"name": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513"}, {"name": "FEDORA-2014-6569", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"}, {"name": "MDVSA-2014:068", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2653", "datePublished": "2014-03-27T10:00:00", "dateReserved": "2014-03-26T00:00:00", "dateUpdated": "2017-01-04T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED8E69C2-4499-4ABD-A51C-26933966E52A", "versionEndIncluding": "6.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9754B4A-3042-49B8-86F7-2D60E25400C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3872787F-2C1C-40C0-B9CF-A3C0CEAAB400", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "39D1E296-3040-4CC9-B95B-3E07D73F1150", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCEE2677-16EE-484F-B2FB-FCA377E0D76B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "90798B9A-A1C6-4EC5-96BF-AF9C6FEFB63D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "5A8ABE51-1535-44D9-B2A1-CC91021A29D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate."}, {"lang": "es", "value": "La funci\u00f3n verify_host_key en sshconnect.c en el cliente en OpenSSH 6.6 y anteriores permite a servidores remotos provocar la evasi\u00f3n de la comprobaci\u00f3n SSHFP DNS RR mediante la presentaci\u00f3n de HostCertificate no aceptable."}], "id": "CVE-2014-2653", "lastModified": "2017-01-07T02:59:49.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-27T10:55:04.513", "references": [{"source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0166.html"}, {"source": "cve@mitre.org", "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/03/26/7"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/59855"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-2894"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/66459"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2164-1"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}