[v2.7] openssh: remote skipping of SSHFP DNS RR checking (CVE-2014-2653)
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.
•MLIST:[oss-security] 20140326 CVE request: openssh client does not
check SSHFP if server offers certificate
(from redmine: issue id 2860, created on 2014-04-18, closed on 2014-04-21)
- parent #2856 (closed)
- Revision 23d60a55 by Natanael Copa on 2014-04-18T16:45:39Z:
main/openssh: security fix for CVE-2014-2653 fixes #2860 this also makes sure that CVE-2014-2532 is actually applied