FreeBSD : FreeBSD -- OpenSSH multiple vulnerabilities (2c948527-d823-11e6-9171-14dae9d210b8)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The ssh-agent(1) agent supports loading a PKCS#11 module from outside
a trusted whitelist. An attacker can request loading of a PKCS#11
module across a forwarded agent socket. [CVE-2016-10009]

When privilege separation is disabled, forwarded Unix domain sockets
would be created by sshd(8) with the privileges of 'root' instead of
the authenticated user. [CVE-2016-10010]

Impact : A remote attacker who has control of a forwarded agent socket
on a remote system and has the ability to write files on the system
running the ssh-agent(1) agent can run arbitrary code under the same
user credential. Because the attacker must already have some control
over both systems, it is relatively hard to exploit this vulnerability
in a practical attack. [CVE-2016-10009]

When privilege separation is disabled (on FreeBSD, privilege
separation is enabled by default and has to be explicitly disabled),
an authenticated attacker can potentially gain root privileges on
systems running OpenSSH server. [CVE-2016-10010]

See also :

http://www.nessus.org/u?42f17fff

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 96411

Bugtraq ID:

CVE ID: CVE-2016-10009
CVE-2016-10010
