CVE-2014-9278

{"id": "CVE-2014-9278", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-06T15:59:07.920", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2015-0425.html", "source": "secalert@redhat.com"}, {"url": "http://thread.gmane.org/gmane.comp.encryption.kerberos.general/15855", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2014/12/02/3", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2014/12/04/17", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/71420", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.mindrot.org/show_bug.cgi?id=1867", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1169843", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99090", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login."}, {"lang": "es", "value": "El servidor OpenSSH, utilizado en Fedora y Red Hat Enterprise Linux 7 y cuando funciona en un entorno Kerberos, permite a usuarios remotos autenticados iniciar sesi\u00f3n como otro usuario cuando est\u00e1n listados en el fichero .k5users de ese usuario, lo que podr\u00eda evadir los requisitos de autenticaci\u00f3n que forzar\u00eda un inicio de sesi\u00f3n local."}], "lastModified": "2017-09-08T01:29:33.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BB9B2AD-A04E-4C93-9FAF-5DC02F69690B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}, {"criteria": "cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EE2027FA-357A-4BE3-9043-6DE8307C040A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}