CVE-2014-2653 openssh: failure to check DNS SSHFP records in certain scenarios

CVE ID

CVE-2014-2653

DESCRIPTION

It was discovered that OpenSSH clients did not correctly verify DNS SSHFP
records. A malicious server could use this flaw to force a connecting client
to skip the DNS SSHFP record check and require the user to perform manual host
verification of the DNS SSHFP record.

CVSS2 Base Score    4.3
Impact: Moderate 



 

RESOLUTION

Resolution:
This was fixed in openssh-5.3p1-104.el6.x86_64 and later.
Apply Unitrends security update v10.29 from 07/27/2018 or later, containing  openssh-5.3p1-123.el6_9.x86_64
 

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us