svn commit: r431193 - head/security/vuxml
Mark Felder
feld at FreeBSD.org
Wed Jan 11 17:28:14 UTC 2017
Author: feld
Date: Wed Jan 11 17:28:12 2017
New Revision: 431193
URL: https://svnweb.freebsd.org/changeset/ports/431193
Log:
Document FreeBSD-SA-17:01.openssh
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Jan 11 16:14:25 2017 (r431192)
+++ head/security/vuxml/vuln.xml Wed Jan 11 17:28:12 2017 (r431193)
@@ -58,6 +58,51 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="2c948527-d823-11e6-9171-14dae9d210b8">
+ <topic>FreeBSD -- OpenSSH multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>11.0</ge><lt>11.0_7</lt></range>
+ <range><ge>10.3</ge><lt>10.3_16</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>The ssh-agent(1) agent supports loading a PKCS#11 module
+ from outside a trusted whitelist. An attacker can request
+ loading of a PKCS#11 module across forwarded agent-socket.
+ [CVE-2016-10009]</p>
+ <p>When privilege separation is disabled, forwarded Unix
+ domain sockets would be created by sshd(8) with the privileges
+ of 'root' instead of the authenticated user. [CVE-2016-10010]</p>
+ <h1>Impact:</h1>
+ <p>A remote attacker who have control of a forwarded
+ agent-socket on a remote system and have the ability to
+ write files on the system running ssh-agent(1) agent can
+ run arbitrary code under the same user credential. Because
+ the attacker must already have some control on both systems,
+ it is relatively hard to exploit this vulnerability in a
+ practical attack. [CVE-2016-10009]</p>
+ <p>When privilege separation is disabled (on FreeBSD,
+ privilege separation is enabled by default and has to be
+ explicitly disabled), an authenticated attacker can potentially
+ gain root privileges on systems running OpenSSH server.
+ [CVE-2016-10010]</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1000</cvename>
+ <cvename>CVE-2016-1001</cvename>
+ <freebsdsa>SA-17:01.openssh</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2017-01-11</discovery>
+ <entry>2017-01-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="7caebe30-d7f1-11e6-a9a5-b499baebfeaf">
<topic>openssl -- timing attack vulnerability</topic>
<affects>
More information about the svn-ports-all
mailing list