FreeBSD : OpenSSH -- PAM vulnerabilities (2920c449-4850-11e5-825f-c80aa9043978)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable. Local
attackers may be able to write arbitrary messages to logged-in users,
including terminal escape sequences. Reported by Nikolay Edigaryev.

Fixed a privilege separation weakness related to PAM support.
Attackers who could successfully compromise the pre-authentication
process for remote code execution and who had valid credentials on the
host could impersonate other users.

Fixed a use-after-free bug related to PAM support that was reachable
by attackers who could compromise the pre-authentication process for
remote code execution.

See also :

http://www.openssh.com/txt/release-7.0
http://www.nessus.org/u?c6618f1a

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 85594 ()

Bugtraq ID:

CVE ID: CVE-2015-6563
CVE-2015-6564
CVE-2015-6565

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now