{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-24T00:00:00", "descriptions": [{"lang": "en", "value": "The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-04T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-2164-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2164-1"}, {"name": "59855", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59855"}, {"name": "RHSA-2015:0425", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0166.html"}, {"name": "HPSBUX03188", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"name": "SSRT101487", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"name": "66459", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/66459"}, {"name": "MDVSA-2015:095", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"}, {"name": "[oss-security] 20140326 CVE request: openssh client does not check SSHFP if server offers certificate", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/03/26/7"}, {"name": "FEDORA-2014-6380", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"}, {"name": "DSA-2894", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2894"}, {"name": "RHSA-2014:1552", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513"}, {"name": "FEDORA-2014-6569", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"}, {"name": "MDVSA-2014:068", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2653", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-2164-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2164-1"}, {"name": "59855", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59855"}, {"name": "RHSA-2015:0425", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"}, {"name": "http://advisories.mageia.org/MGASA-2014-0166.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0166.html"}, {"name": "HPSBUX03188", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"name": "SSRT101487", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"name": "66459", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66459"}, {"name": "MDVSA-2015:095", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"}, {"name": "[oss-security] 20140326 CVE request: openssh client does not check SSHFP if server offers certificate", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/03/26/7"}, {"name": "FEDORA-2014-6380", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"}, {"name": "DSA-2894", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2894"}, {"name": "RHSA-2014:1552", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"}, {"name": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513"}, {"name": "FEDORA-2014-6569", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"}, {"name": "MDVSA-2014:068", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:21:35.933Z"}, "title": "CVE Program Container", "references": [{"name": "USN-2164-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2164-1"}, {"name": "59855", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59855"}, {"name": "RHSA-2015:0425", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0166.html"}, {"name": "HPSBUX03188", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"name": "SSRT101487", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"name": "66459", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/66459"}, {"name": "MDVSA-2015:095", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"}, {"name": "[oss-security] 20140326 CVE request: openssh client does not check SSHFP if server offers certificate", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/03/26/7"}, {"name": "FEDORA-2014-6380", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"}, {"name": "DSA-2894", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2894"}, {"name": "RHSA-2014:1552", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513"}, {"name": "FEDORA-2014-6569", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"}, {"name": "MDVSA-2014:068", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2653", "datePublished": "2014-03-27T10:00:00", "dateReserved": "2014-03-26T00:00:00", "dateUpdated": "2024-08-06T10:21:35.933Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED8E69C2-4499-4ABD-A51C-26933966E52A", "versionEndIncluding": "6.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9754B4A-3042-49B8-86F7-2D60E25400C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3872787F-2C1C-40C0-B9CF-A3C0CEAAB400", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "39D1E296-3040-4CC9-B95B-3E07D73F1150", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCEE2677-16EE-484F-B2FB-FCA377E0D76B", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "90798B9A-A1C6-4EC5-96BF-AF9C6FEFB63D", "vulnerable": true}, {"criteria": "cpe:2.3:a:openbsd:openssh:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "5A8ABE51-1535-44D9-B2A1-CC91021A29D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate."}, {"lang": "es", "value": "La funci\u00f3n verify_host_key en sshconnect.c en el cliente en OpenSSH 6.6 y anteriores permite a servidores remotos provocar la evasi\u00f3n de la comprobaci\u00f3n SSHFP DNS RR mediante la presentaci\u00f3n de HostCertificate no aceptable."}], "id": "CVE-2014-2653", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-27T10:55:04.513", "references": [{"source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0166.html"}, {"source": "cve@mitre.org", "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/03/26/7"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/59855"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-2894"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/66459"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2164-1"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0166.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aix.software.ibm.com/aix/efixes/security/openssh_advisory4.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134026.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133537.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=141576985122836&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/03/26/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1552.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59855"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2894"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:068"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:095"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/66459"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2164-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2014:1552", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "openssh-0:5.3p1-104.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2015:0425", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "openssh-0:6.6.1p1-11.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}], "bugzilla": {"description": "openssh: failure to check DNS SSHFP records in certain scenarios", "id": "1081338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1081338"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-287", "details": ["The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.", "It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record."], "name": "CVE-2014-2653", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssh", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2014-03-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-2653\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2653"], "statement": "The Red Hat Security Response Team has rated this issue as having Moderate security impact. This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle, https://access.redhat.com/support/policy/updates/errata/", "threat_severity": "Moderate"}