CVE-2014-9278

Publication date 6 December 2014

Last updated 24 July 2024

Ubuntu priority

The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openssh	14.10 utopic	Not affected
	14.04 LTS trusty	Not affected
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not affected

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

vulnerable patch not included in Debian/Ubuntu

References

MITRE
NVD
Launchpad
Debian

Other references

https://bugzilla.redhat.com/show_bug.cgi?id=1169843
https://www.cve.org/CVERecord?id=CVE-2014-9278