[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE request: openssh client does not check SSHFP if server offers certificate
From:       cve-assign () mitre ! org
Date:       2014-03-26 19:57:29
Message-ID: 201403261957.s2QJvT4C000535 () linus ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> a malicious server can disable SSHFP-checking by presenting a certificate
> https://bugs.debian.org/742513

Use CVE-2014-2653.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTMy9xAAoJEKllVAevmvmsV34IAJ4eu2WLLkrN7ANZZEmsZh7P
l+fOlbx7irfAvifz2iiKDtKCJIFr3JwmeOmea1QbDxFuJIx7A16OdjZNB4EU1aLf
0XcPxd3jJSLq99UN5Osi8xJs7GTwqwlrX08dUgpopG86+7EPhaKkVkbTZsNz+F/o
Z4N1oHBmp5quvO2/yfDsbr9+lSB67KIgtfRvGZhhgelpnFDHR00je4BRV5kpE7lF
4R+VT77+iw/zdYve95XkO69fwp7hPFzDNBzDPWw3iWEBaBOFcnO3Py3kFhsCNXdI
nDt8rXoQ1WjhSYT9/hwpQaXNvkb8NvDwdjRK05yMJ/Y2WiKx0kKOAoWlpzYBN5s=
=I0pr
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]