author feld <feld@FreeBSD.org> 2017-01-12 01:28:12 +0800
committer feld <feld@FreeBSD.org> 2017-01-12 01:28:12 +0800
commit e5bfd030bec1cbb7137ca9d33c9353ea7c47beab
tree 276a81ed20386b09e621e1dd6ae494efb2d1322e
parent b23b88d6f66f0809931cf0a437b61cc5e2d08841
Document FreeBSD-SA-17:01.openssh
-rw-r--r-- security/vuxml/vuln.xml 45
1 files changed, 45 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index dbd5a6f75bab..b4accdf69b2d 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -58,6 +58,51 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="2c948527-d823-11e6-9171-14dae9d210b8">
+ <topic>FreeBSD -- OpenSSH multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>11.0</ge><lt>11.0_7</lt></range>
+ <range><ge>10.3</ge><lt>10.3_16</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>The ssh-agent(1) agent supports loading a PKCS#11 module
+ from outside a trusted whitelist. An attacker can request
+ loading of a PKCS#11 module across forwarded agent-socket.
+ [CVE-2016-10009]</p>
+ <p>When privilege separation is disabled, forwarded Unix
+ domain sockets would be created by sshd(8) with the privileges
+ of 'root' instead of the authenticated user. [CVE-2016-10010]</p>
+ <h1>Impact:</h1>
+ <p>A remote attacker who have control of a forwarded
+ agent-socket on a remote system and have the ability to
+ write files on the system running ssh-agent(1) agent can
+ run arbitrary code under the same user credential. Because
+ the attacker must already have some control on both systems,
+ it is relatively hard to exploit this vulnerability in a
+ practical attack. [CVE-2016-10009]</p>
+ <p>When privilege separation is disabled (on FreeBSD,
+ privilege separation is enabled by default and has to be
+ explicitly disabled), an authenticated attacker can potentially
+ gain root privileges on systems running OpenSSH server.
+ [CVE-2016-10010]</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1000</cvename>
+ <cvename>CVE-2016-1001</cvename>
+ <freebsdsa>SA-17:01.openssh</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2017-01-11</discovery>
+ <entry>2017-01-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="7caebe30-d7f1-11e6-a9a5-b499baebfeaf">
<topic>openssl -- timing attack vulnerability</topic>
<affects>
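Review bot: The two <cvename> entries in <references> read CVE-2016-1000 and CVE-2016-1001, but the description body cites [CVE-2016-10009] and [CVE-2016-10010]; the reference identifiers appear to have lost their last digit and should be changed to match the body, since anything keyed on <cvename> would otherwise associate this entry with the wrong CVE ids. A smaller wording point in the first Impact paragraph: "A remote attacker who have control ... and have the ability" should read "who has control ... and has the ability".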