FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
887eb570-27d3-11ee-adba-c80aa9043978	OpenSSH -- remote code execution via a forwarded agent socket OpenSSH project reports: Fix CVE-2023-38408 - a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: * Exploitation requires the presence of specific libraries on the victim system. * Remote exploitation requires that the agent was forwarded to an attacker-controlled system. Exploitation can also be prevented by starting ssh-agent(1) with an empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that contains only specific provider libraries. This vulnerability was discovered and demonstrated to be exploitable by the Qualys Security Advisory team. Discovery 2023-07-19 Entry 2023-07-21 openssh-portable openssh-portable-hpn openssh-portable-gssapi < 9.3.p2,1 CVE-2023-38408 https://www.openssh.com/txt/release-9.3p2
76b5068c-8436-11eb-9469-080027f515ea	OpenSSH -- Double-free memory corruption in ssh-agent OpenBSD Project reports: ssh-agent(1): fixed a double-free memory corruption that was introduced in OpenSSH 8.2 . We treat all such memory faults as potentially exploitable. This bug could be reached by an attacker with access to the agent socket. On modern operating systems where the OS can provide information about the user identity connected to a socket, OpenSSH ssh-agent and sshd limit agent socket access only to the originating user and root. Additional mitigation may be afforded by the system's malloc(3)/free(3) implementation, if it detects double-free conditions. The most likely scenario for exploitation is a user forwarding an agent either to an account shared with a malicious user or to a host with an attacker holding root access. Discovery 2021-03-03 Entry 2021-03-13 Modified 2021-04-20 openssh-portable openssh-portable-hpn openssh-portable-gssapi ge 8.2.p1,1 lt 8.4.p1_4,1 CVE-2021-28041 https://www.openssh.com/txt/release-8.5
2a1b931f-2b86-11ec-8acd-c80aa9043978	OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand OpenBSD Project reports: sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as a different user. Instead these commands would inherit the groups that sshd(8) was started with. Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privilege. Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are enabled by default in sshd_config(5). Discovery 2021-09-26 Entry 2021-10-12 openssh-portable openssh-portable-hpn openssh-portable-gssapi ge 6.2.p1,1 lt 8.7.p1_2,1 CVE-2021-41617 https://www.openssh.com/txt/release-8.8

VuXML ID

Description

887eb570-27d3-11ee-adba-c80aa9043978

OpenSSH -- remote code execution via a forwarded agent socket

OpenSSH project reports:

Fix CVE-2023-38408 - a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: * Exploitation requires the presence of specific libraries on the victim system. * Remote exploitation requires that the agent was forwarded to an attacker-controlled system. Exploitation can also be prevented by starting ssh-agent(1) with an empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that contains only specific provider libraries. This vulnerability was discovered and demonstrated to be exploitable by the Qualys Security Advisory team.

Discovery 2023-07-19
Entry 2023-07-21
openssh-portable
openssh-portable-hpn
openssh-portable-gssapi

< 9.3.p2,1

CVE-2023-38408
https://www.openssh.com/txt/release-9.3p2

76b5068c-8436-11eb-9469-080027f515ea

OpenSSH -- Double-free memory corruption in ssh-agent

OpenBSD Project reports:

ssh-agent(1): fixed a double-free memory corruption that was introduced in OpenSSH 8.2 . We treat all such memory faults as potentially exploitable. This bug could be reached by an attacker with access to the agent socket.

On modern operating systems where the OS can provide information about the user identity connected to a socket, OpenSSH ssh-agent and sshd limit agent socket access only to the originating user and root. Additional mitigation may be afforded by the system's malloc(3)/free(3) implementation, if it detects double-free conditions.

The most likely scenario for exploitation is a user forwarding an agent either to an account shared with a malicious user or to a host with an attacker holding root access.

Discovery 2021-03-03
Entry 2021-03-13
Modified 2021-04-20
openssh-portable
openssh-portable-hpn
openssh-portable-gssapi

ge 8.2.p1,1 lt 8.4.p1_4,1

CVE-2021-28041
https://www.openssh.com/txt/release-8.5

2a1b931f-2b86-11ec-8acd-c80aa9043978

OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand

OpenBSD Project reports:

sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as a different user. Instead these commands would inherit the groups that sshd(8) was started with.

Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privilege.

Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are enabled by default in sshd_config(5).

Discovery 2021-09-26
Entry 2021-10-12
openssh-portable
openssh-portable-hpn
openssh-portable-gssapi

ge 6.2.p1,1 lt 8.7.p1_2,1

CVE-2021-41617
https://www.openssh.com/txt/release-8.8