FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2a1b931f-2b86-11ec-8acd-c80aa9043978OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand

OpenBSD Project reports:

sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as a different user. Instead these commands would inherit the groups that sshd(8) was started with.

Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privilege.

Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are enabled by default in sshd_config(5).


Discovery 2021-09-26
Entry 2021-10-12
openssh-portable
openssh-portable-hpn
openssh-portable-gssapi
ge 6.2.p1,1 lt 8.7.p1_2,1

CVE-2021-41617
https://www.openssh.com/txt/release-8.8
dfe0cdc1-baf2-11e5-863a-b499baebfeafopenssh -- information disclosure

OpenSSH reports:

OpenSSH clients between versions 5.4 and 7.1 are vulnerable to information disclosure that may allow a malicious server to retrieve information including under some circumstances, user's private keys.


Discovery 2016-01-14
Entry 2016-01-14
Modified 2016-08-09
openssh-portable
gt 5.4.p0,1 lt 7.1.p2,1

FreeBSD
ge 10.2 lt 10.2_10

ge 10.1 lt 10.1_27

ge 9.3 lt 9.3_34

http://www.openssh.com/security.html
CVE-2016-0777
CVE-2016-0778
SA-16:07
adccefd1-7080-11e6-a2cb-c80aa9043978openssh -- sshd -- remote valid user discovery and PAM /bin/login attack

The OpenSSH project reports:

* sshd(8): Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. CVE-2016-6210, reported by EddieEzra.Harari at verint.com

* sshd(8): (portable only) Ignore PAM environment vars when UseLogin=yes. If PAM is configured to read user-specified environment variables and UseLogin=yes in sshd_config, then a hostile local user may attack /bin/login via LD_PRELOAD or similar environment variables set via PAM. CVE-2015-8325, found by Shayan Sadigh.


Discovery 2016-08-01
Entry 2016-09-01
openssh-portable
< 7.3.p1,1

http://www.openssh.com/txt/release-7.3
CVE-2016-6210
CVE-2015-8325
2c948527-d823-11e6-9171-14dae9d210b8FreeBSD -- OpenSSH multiple vulnerabilities

Problem Description:

The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across forwarded agent-socket. [CVE-2016-10009]

When privilege separation is disabled, forwarded Unix domain sockets would be created by sshd(8) with the privileges of 'root' instead of the authenticated user. [CVE-2016-10010]

Impact:

A remote attacker who have control of a forwarded agent-socket on a remote system and have the ability to write files on the system running ssh-agent(1) agent can run arbitrary code under the same user credential. Because the attacker must already have some control on both systems, it is relatively hard to exploit this vulnerability in a practical attack. [CVE-2016-10009]

When privilege separation is disabled (on FreeBSD, privilege separation is enabled by default and has to be explicitly disabled), an authenticated attacker can potentially gain root privileges on systems running OpenSSH server. [CVE-2016-10010]


Discovery 2017-01-11
Entry 2017-01-11
Modified 2017-01-13
openssh-portable
< 7.3.p1_5,1

FreeBSD
ge 11.0 lt 11.0_7

ge 10.3 lt 10.3_16

CVE-2016-10009
CVE-2016-10010
SA-17:01.openssh
e4644df8-e7da-11e5-829d-c80aa9043978openssh -- command injection when X11Forwarding is enabled

The OpenSSH project reports:

Missing sanitisation of untrusted input allows an authenticated user who is able to request X11 forwarding to inject commands to xauth(1).

Injection of xauth commands grants the ability to read arbitrary files under the authenticated user's privilege, Other xauth commands allow limited information leakage, file overwrite, port probing and generally expose xauth(1), which was not written with a hostile user in mind, as an attack surface.

Mitigation:

Set X11Forwarding=no in sshd_config. This is the default.

For authorized_keys that specify a "command" restriction, also set the "restrict" (available in OpenSSH >=7.2) or "no-x11-forwarding" restrictions.


Discovery 2016-03-11
Entry 2016-03-11
Modified 2016-08-09
openssh-portable
< 7.2.p2,1

FreeBSD
ge 10.2 lt 10.2_14

ge 10.1 lt 10.1_31

ge 9.3 lt 9.3_39

http://www.openssh.com/txt/x11fwd.adv
CVE-2016-3115
SA-16:14.openssh