FreeBSD : openssh -- multiple vulnerabilities (2aedd15f-ca8b-11e6-a9a5-b499baebfeaf)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The OpenSSH project reports :

- ssh-agent(1): Will now refuse to load PKCS#11 modules from paths
outside a trusted whitelist (run-time configurable). Requests to load
modules could be passed via agent forwarding and an attacker could
attempt to load a hostile PKCS#11 module across the forwarded agent
channel: PKCS#11 modules are shared libraries, so this would result in
code execution on the system running the ssh-agent if the attacker has
control of the forwarded agent-socket (on the host running the sshd
server) and the ability to write to the filesystem of the host running
ssh-agent (usually the host running the ssh client). (CVE-2016-10009)

- sshd(8): When privilege separation is disabled, forwarded
Unix-domain sockets would be created by sshd(8) with the privileges of
'root' instead of the authenticated user. This release refuses
Unix-domain socket forwarding when privilege separation is disabled
(Privilege separation has been enabled by default for 14 years).
CVE-2016-10010)

See also :

https://www.openssh.com/txt/release-7.4
http://www.nessus.org/u?ef876730

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 96116 ()

Bugtraq ID:

CVE ID: CVE-2016-10009
CVE-2016-10010

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now