OpenSSH memory corruption issue (CVE-2014-1692) in RSA Authentication Manager - False Positive
Originally Published: 2016-03-02
Article Number
Applies To
CVE Identifier(s)
Article Summary
CVE-2014-1692
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.CVSS v2 Base Score: 7.5 HIGH
Link to Advisories
Alert Impact
Not Applicable
Alert Impact Explanation
The SUSE version of SSH is not impacted.
Notes
We do not enable JPAKE support in our openSSH releases, so SUSE Linux Enterprise and openSUSE are not affected by this problem.
Disclaimer
Related Articles
Microprocessor Side-Channel Vulnerabilities (CVE-2018-3639 and CVE-2018-3640): Impact on RSA products Number of Views CVE-2021-41617 Security vulnerability for RSA Authentication Manager 8.6.x Number of Views Back-up failing after running network vulnerability scanner against Authentication Manager Number of Views Speculative Execution Side-Channel Vulnerabilities (CVE-2018-3615, CVE-2018-3620, and CVE-2018-3646): Impact on RSA products Number of Views Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on RSA products Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
