FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSH -- PAM vulnerabilities

Affected packages
openssh-portable < 7.0.p1,1
10.2 <= FreeBSD < 10.2_2
10.1 <= FreeBSD < 10.1_19
9.3 <= FreeBSD < 9.3_24

Details

VuXML ID 2920c449-4850-11e5-825f-c80aa9043978
Discovery 2015-08-11
Entry 2015-08-21
Modified 2016-08-09

OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences. Reported by Nikolay Edigaryev.

Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate other users.

Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution.

References

CVE Name CVE-2015-6563
CVE Name CVE-2015-6564
CVE Name CVE-2015-6565
FreeBSD Advisory SA-15:22.openssh
URL http://www.openssh.com/txt/release-7.0