FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
adccefd1-7080-11e6-a2cb-c80aa9043978openssh -- sshd -- remote valid user discovery and PAM /bin/login attack

The OpenSSH project reports:

* sshd(8): Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. CVE-2016-6210, reported by EddieEzra.Harari at verint.com

* sshd(8): (portable only) Ignore PAM environment vars when UseLogin=yes. If PAM is configured to read user-specified environment variables and UseLogin=yes in sshd_config, then a hostile local user may attack /bin/login via LD_PRELOAD or similar environment variables set via PAM. CVE-2015-8325, found by Shayan Sadigh.


Discovery 2016-08-01
Entry 2016-09-01
openssh-portable
< 7.3.p1,1

http://www.openssh.com/txt/release-7.3
CVE-2016-6210
CVE-2015-8325
2c948527-d823-11e6-9171-14dae9d210b8FreeBSD -- OpenSSH multiple vulnerabilities

Problem Description:

The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across forwarded agent-socket. [CVE-2016-10009]

When privilege separation is disabled, forwarded Unix domain sockets would be created by sshd(8) with the privileges of 'root' instead of the authenticated user. [CVE-2016-10010]

Impact:

A remote attacker who have control of a forwarded agent-socket on a remote system and have the ability to write files on the system running ssh-agent(1) agent can run arbitrary code under the same user credential. Because the attacker must already have some control on both systems, it is relatively hard to exploit this vulnerability in a practical attack. [CVE-2016-10009]

When privilege separation is disabled (on FreeBSD, privilege separation is enabled by default and has to be explicitly disabled), an authenticated attacker can potentially gain root privileges on systems running OpenSSH server. [CVE-2016-10010]


Discovery 2017-01-11
Entry 2017-01-11
Modified 2017-01-13
openssh-portable
< 7.3.p1_5,1

FreeBSD
ge 11.0 lt 11.0_7

ge 10.3 lt 10.3_16

CVE-2016-10009
CVE-2016-10010
SA-17:01.openssh
2a1b931f-2b86-11ec-8acd-c80aa9043978OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand

OpenBSD Project reports:

sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as a different user. Instead these commands would inherit the groups that sshd(8) was started with.

Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privilege.

Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are enabled by default in sshd_config(5).


Discovery 2021-09-26
Entry 2021-10-12
openssh-portable
openssh-portable-hpn
openssh-portable-gssapi
ge 6.2.p1,1 lt 8.7.p1_2,1

CVE-2021-41617
https://www.openssh.com/txt/release-8.8