| Vulnerability Name: | CVE-2014-8475 (CCN-98491) | ||||||||
| Assigned: | 2014-11-04 | ||||||||
| Published: | 2014-11-04 | ||||||||
| Updated: | 2017-09-08 | ||||||||
| Summary: | FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-17 | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-8475 Source: MISC Type: UNKNOWN http://packetstormsecurity.com/files/128972/FreeBSD-Security-Advisory-sshd-Denial-Of-Service.html Source: SECUNIA Type: UNKNOWN 61440 Source: BID Type: UNKNOWN 70913 Source: CCN Type: BID-70913 FreeBSD CVE-2014-8475 Remote Denial of Service Vulnerability Source: SECTRACK Type: UNKNOWN 1031168 Source: XF Type: UNKNOWN freebsd-cve20148475-dos(98491) Source: XF Type: UNKNOWN freebsd-cve20148475-dos(98491) Source: FREEBSD Type: Vendor Advisory FreeBSD-SA-14:24 Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-14:24.sshd Denial of service attack against sshd(8) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||