Lucene search

[email protected]CVE-2014-8475

HistoryNov 18, 2014 - 3:59 p.m.

CVE-2014-8475

2014-11-1815:59:05

CWE-17

[email protected]

web.nvd.nist.gov

freebsd

sshd

denial of service

cve-2014-8475

nvd

openssh

kerberos

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.9 Medium

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.1%

JSON

FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed.

Affected configurations

NVD

Node

freebsdfreebsdMatch9.1

freebsdfreebsdMatch9.2

freebsdfreebsdMatch10.0

CPENameOperatorVersion
freebsd:freebsdfreebsdeq9.1
freebsd:freebsdfreebsdeq9.2
freebsd:freebsdfreebsdeq10.0

CPE	Name	Operator	Version
freebsd:freebsd	freebsd	eq	9.1
freebsd:freebsd	freebsd	eq	9.2
freebsd:freebsd	freebsd	eq	10.0

References

packetstormsecurity.com/files/128972/FreeBSD-Security-Advisory-sshd-Denial-Of-Service.html

secunia.com/advisories/61440

www.securityfocus.com/bid/70913

www.securitytracker.com/id/1031168

exchange.xforce.ibmcloud.com/vulnerabilities/98491

www.freebsd.org/security/advisories/FreeBSD-SA-14%3A24.sshd.asc

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.9 Medium

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.1%

JSON

Related for CVE-2014-8475

debiancve1 nessus1 freebsd_advisory1 securityvulns2 nvd1 cvelist1 freebsd1 prion1