CVE-2014-8475

2014-11-1815:59:05

Debian Security Bug Tracker

security-tracker.debian.org

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.015 Low

EPSS

Percentile

87.1%

JSON

FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed.

OSVersionArchitecturePackageVersionFilename
Debian12allopenssh< 1:9.2p1-2+deb12u2openssh_1:9.2p1-2+deb12u2_all.deb
Debian11allopenssh< 1:8.4p1-5+deb11u3openssh_1:8.4p1-5+deb11u3_all.deb
Debian999allopenssh< 1:9.7p1-7openssh_1:9.7p1-7_all.deb
Debian13allopenssh< 1:9.7p1-7openssh_1:9.7p1-7_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	openssh	< 1:9.2p1-2+deb12u2	openssh_1:9.2p1-2+deb12u2_all.deb
Debian	11	all	openssh	< 1:8.4p1-5+deb11u3	openssh_1:8.4p1-5+deb11u3_all.deb
Debian	999	all	openssh	< 1:9.7p1-7	openssh_1:9.7p1-7_all.deb
Debian	13	all	openssh	< 1:9.7p1-7	openssh_1:9.7p1-7_all.deb