CVE-2014-2653

Description

The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.

How to fix CVE-2014-2653

To remediate CVE-2014-2653, upgrade the affected package to a fixed version below.

Debian/openssh—upgrade to 1:6.6p1-1 or later

Is CVE-2014-2653 being exploited?

Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1:6.6p1-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-2653