oss-sec mailing list archives
Re: CVE request: openssh client does not check SSHFP if server offers certificate
From: cve-assign () mitre org
Date: Wed, 26 Mar 2014 15:57:29 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
a malicious server can disable SSHFP-checking by presenting a certificate https://bugs.debian.org/742513
Use CVE-2014-2653. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTMy9xAAoJEKllVAevmvmsV34IAJ4eu2WLLkrN7ANZZEmsZh7P l+fOlbx7irfAvifz2iiKDtKCJIFr3JwmeOmea1QbDxFuJIx7A16OdjZNB4EU1aLf 0XcPxd3jJSLq99UN5Osi8xJs7GTwqwlrX08dUgpopG86+7EPhaKkVkbTZsNz+F/o Z4N1oHBmp5quvO2/yfDsbr9+lSB67KIgtfRvGZhhgelpnFDHR00je4BRV5kpE7lF 4R+VT77+iw/zdYve95XkO69fwp7hPFzDNBzDPWw3iWEBaBOFcnO3Py3kFhsCNXdI nDt8rXoQ1WjhSYT9/hwpQaXNvkb8NvDwdjRK05yMJ/Y2WiKx0kKOAoWlpzYBN5s= =I0pr -----END PGP SIGNATURE-----
Current thread:
- CVE request: openssh client does not check SSHFP if server offers certificate Thijs Kinkhorst (Mar 26)
- Re: CVE request: openssh client does not check SSHFP if server offers certificate cve-assign (Mar 26)