This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable. Local
attackers may be able to write arbitrary messages to logged-in users,
including terminal escape sequences. Reported by Nikolay Edigaryev.
Fixed a privilege separation weakness related to PAM support.
Attackers who could successfully compromise the pre-authentication
process for remote code execution and who had valid credentials on the
host could impersonate other users.
Fixed a use-after-free bug related to PAM support that was reachable
by attackers who could compromise the pre-authentication process for
remote code execution.
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.2