Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 26 Mar 2014 15:57:29 -0400 (EDT)
From: cve-assign@...re.org
To: thijs@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: openssh client does not check SSHFP if server offers certificate

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> a malicious server can disable SSHFP-checking by presenting a certificate
> https://bugs.debian.org/742513

Use CVE-2014-2653.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTMy9xAAoJEKllVAevmvmsV34IAJ4eu2WLLkrN7ANZZEmsZh7P
l+fOlbx7irfAvifz2iiKDtKCJIFr3JwmeOmea1QbDxFuJIx7A16OdjZNB4EU1aLf
0XcPxd3jJSLq99UN5Osi8xJs7GTwqwlrX08dUgpopG86+7EPhaKkVkbTZsNz+F/o
Z4N1oHBmp5quvO2/yfDsbr9+lSB67KIgtfRvGZhhgelpnFDHR00je4BRV5kpE7lF
4R+VT77+iw/zdYve95XkO69fwp7hPFzDNBzDPWw3iWEBaBOFcnO3Py3kFhsCNXdI
nDt8rXoQ1WjhSYT9/hwpQaXNvkb8NvDwdjRK05yMJ/Y2WiKx0kKOAoWlpzYBN5s=
=I0pr
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ