FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2c948527-d823-11e6-9171-14dae9d210b8FreeBSD -- OpenSSH multiple vulnerabilities

Problem Description:

The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across forwarded agent-socket. [CVE-2016-10009]

When privilege separation is disabled, forwarded Unix domain sockets would be created by sshd(8) with the privileges of 'root' instead of the authenticated user. [CVE-2016-10010]

Impact:

A remote attacker who have control of a forwarded agent-socket on a remote system and have the ability to write files on the system running ssh-agent(1) agent can run arbitrary code under the same user credential. Because the attacker must already have some control on both systems, it is relatively hard to exploit this vulnerability in a practical attack. [CVE-2016-10009]

When privilege separation is disabled (on FreeBSD, privilege separation is enabled by default and has to be explicitly disabled), an authenticated attacker can potentially gain root privileges on systems running OpenSSH server. [CVE-2016-10010]


Discovery 2017-01-11
Entry 2017-01-11
Modified 2017-01-13
openssh-portable
< 7.3.p1_5,1

FreeBSD
ge 11.0 lt 11.0_7

ge 10.3 lt 10.3_16

CVE-2016-10009
CVE-2016-10010
SA-17:01.openssh
2a1b931f-2b86-11ec-8acd-c80aa9043978OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand

OpenBSD Project reports:

sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as a different user. Instead these commands would inherit the groups that sshd(8) was started with.

Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privilege.

Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are enabled by default in sshd_config(5).


Discovery 2021-09-26
Entry 2021-10-12
openssh-portable
openssh-portable-hpn
openssh-portable-gssapi
ge 6.2.p1,1 lt 8.7.p1_2,1

CVE-2021-41617
https://www.openssh.com/txt/release-8.8