CVE-2014-9278 — Vulnetix

CVE-2014-9278 PUBLISHED

Reported by redhat · Published December 6, 2014

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a, n/a

Timeline

Dec 6, 2014 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 17, 2022 CVE Updated
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score

References

71420 vdb-entryx_refsource_BID
[oss-security] 20141204 Re: CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams) mailing-listx_refsource_MLIST
RHSA-2015:0425 vendor-advisoryx_refsource_REDHAT
x_refsource_CONFIRM
x_refsource_CONFIRM
x_refsource_MISC
openssh-gssservkrb5-sec-bypass(99090) vdb-entryx_refsource_XF
[oss-security] 20141202 CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams) mailing-listx_refsource_MLIST

Open in Interactive Console →