|
|
Log in / Subscribe / Register

openssh: authentication bypass

Package(s):openssh CVE #(s):CVE-2014-9278
Created:March 6, 2015 Updated:March 11, 2015
Description:

From the Red Hat advisory:

It was found that when OpenSSH was used in a Kerberos environment, remote authenticated users were allowed to log in as a different user if they were listed in the ~/.k5users file of that user, potentially bypassing intended authentication restrictions.

Alerts:
Scientific Linux SLSA-2015:0425-2 openssh 2015-03-25
Red Hat RHSA-2015:0425-01 openssh 2015-03-05
Oracle ELSA-2015-0425 openssh 2015-03-09
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds