FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2920c449-4850-11e5-825f-c80aa9043978OpenSSH -- PAM vulnerabilities

OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences. Reported by Nikolay Edigaryev.

Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate other users.

Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution.


Discovery 2015-08-11
Entry 2015-08-21
Modified 2016-08-09
openssh-portable
< 7.0.p1,1

FreeBSD
ge 10.2 lt 10.2_2

ge 10.1 lt 10.1_19

ge 9.3 lt 9.3_24

http://www.openssh.com/txt/release-7.0
CVE-2015-6563
CVE-2015-6564
CVE-2015-6565
SA-15:22.openssh