FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 76b5068c-8436-11eb-9469-080027f515ea
Description: OpenSSH -- Double-free memory corruption in ssh-agent

OpenBSD Project reports:

ssh-agent(1): fixed a double-free memory corruption that was introduced in OpenSSH 8.2. We treat all such memory faults as potentially exploitable. This bug could be reached by an attacker with access to the agent socket.

On modern operating systems where the OS can provide information about the user identity connected to a socket, OpenSSH ssh-agent and sshd limit agent socket access only to the originating user and root. Additional mitigation may be afforded by the system's malloc(3)/free(3) implementation, if it detects double-free conditions.

The most likely scenario for exploitation is a user forwarding an agent either to an account shared with a malicious user or to a host with an attacker holding root access.


Discovery 2021-03-03
Entry 2021-03-13
Modified 2021-04-20
openssh-portable
openssh-portable-hpn
openssh-portable-gssapi
ge 8.2.p1,1 lt 8.4.p1_4,1

CVE-2021-28041
https://www.openssh.com/txt/release-8.5