CVE-2014-2653 — Improper Input Validation in Openssh

CWE-20 — Improper Input Validation CWE-287 — Improper Authentication11 documents10 sources

Severity

5.8MEDIUMNVD

EPSS

3.9%

top 11.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh Paloalto Pan-os

Timeline

PublishedMar 27

Latest updateMay 17

Description

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

▶Debianopenbsd/openssh< 1:6.6p1-1+3

▶NVDopenbsd/openssh6.6+6

▶Palo Altopaloalto/pan-os

🔴Vulnerability Details

GHSA

GHSA-52r2-7jx8-c8gc: The verify_host_key function in sshconnect↗2022-05-17

▶

OSV

CVE-2014-2653: The verify_host_key function in sshconnect↗2014-03-27

▶

CVEList

CVE-2014-2653: The verify_host_key function in sshconnect↗2014-03-27

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2020-0004 Informational: Third-party or open source vulnerabilities that do not affect PAN-OS↗2020-05-13

▶

BSD

FreeBSD-SA-15:16.openssh: OpenSSH multiple vulnerabilities↗2015-07-28

▶

Ubuntu

OpenSSH vulnerability↗2014-04-07

▶

Red Hat

openssh: failure to check DNS SSHFP records in certain scenarios↗2014-03-24

▶

Debian

CVE-2014-2653: openssh - The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and ea...↗2014

▶

💬Community

Bugzilla

CVE-2014-2653 openssh: failure to check DNS SSHFP records in certain scenarios↗2014-03-27

▶

Bugzilla

CVE-2014-2653 openssh: failure to check DNS SSHFP records in certain scenarios [fedora-all]↗2014-03-27

▶