CVE-2014-8475
FreeBSD 9.1-10.0 - Unauthenticated Denial of Service via OpenSSH Kerberos Linking Issue
Title source: llmDescription
FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed.
References (6)
Core 6
Core References
Vendor Advisory vendor-advisory
x_refsource_freebsd
https://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A24.sshd.asc
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/128972/FreeBSD-Security-Advisory-sshd-Denial-Of-Service.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/98491
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61440
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/70913
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031168
Scores
EPSS
0.0127
EPSS Percentile
79.7%
Details
CWE
CWE-17
Status
published
Products (3)
freebsd/freebsd
9.1
freebsd/freebsd
9.2
freebsd/freebsd
10.0
Published
Nov 18, 2014
Tracked Since
Feb 18, 2026