VuXML entry for openssh - 10.3 sshd in base vulnerable

Miroslav Lachman 000.fbsd at quip.cz
Tue Jan 10 10:04:21 UTC 2017


Xin Li wrote on 2017/01/10 08:49:
>
>
> On 1/6/17 07:36, Miroslav Lachman wrote:
>> Miroslav Lachman wrote on 2017/01/03 14:11:
>>> Security entries for base have been in VuXML for some time, so we are
>>> checking them periodically. Now we have an alert for base sshd in 10.3-p14
>>> and -p15 too.
>>>
>>> # pkg audit FreeBSD-10.3_15
>>> FreeBSD-10.3_15 is vulnerable:
>>> openssh -- multiple vulnerabilities
>>> CVE: CVE-2016-10010
>>> CVE: CVE-2016-10009
>>> WWW:
>>> https://vuxml.FreeBSD.org/freebsd/2aedd15f-ca8b-11e6-a9a5-b499baebfeaf.html
>>>
>>>
>>> 1 problem(s) in the installed packages found.
>>>
>>>
>>> But there is no advisory on
>>> https://www.freebsd.org/security/advisories.html for this problem.
>>>
>>> Is it a false alarm? Or did I miss something?
>>
>> 3 days without reply...
>>
>> Please, can somebody from FreeBSD team clarify if sshd in base is
>> vulnerable or not?
>
> The default configuration is not affected by CVE-2016-10010 because
> privilege separation is enabled by default.
>
> Exploiting CVE-2016-10009 requires non-trivial control over both an SSH
> server and the ability to write a file on the system running ssh-agent(1).
>
> We plan to issue an advisory soon, but most users do not need to be
> worried about the vulnerabilities, as the sshd(8) vulnerability requires
> deliberately weakening the configuration, and it's hard to exploit the
> ssh-agent(1) vulnerability (if an attacker is able to exploit it, they
> already have substantial control and there would be much easier attacks
> than doing it over ssh-agent).
>
> Hope this helps.

Thank you for this clarification.

Miroslav Lachman
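The precondition Xin Li names for CVE-2016-10010 is a configuration with privilege separation turned off. The following is an added example, not part of this thread or of FreeBSD's own tooling: a POSIX sh function that reads sshd configuration text (a raw sshd_config, or the "keyword value" dump that `sshd -T` prints) and reports whether UsePrivilegeSeparation has been explicitly set to "no". The sample configs it runs against are constructed for illustration. It applies sshd's first-match rule for repeated directives and ignores comment lines, but does not evaluate Match blocks. Note that on OpenSSH 7.5 and later the option is deprecated and privilege separation is always on, so the check is only meaningful for older servers such as the 7.2 in 10.3 base.

```shell
#!/bin/sh
# Added example: detect an sshd configuration that explicitly disables
# privilege separation (the weakened setup CVE-2016-10010 depends on).

# privsep_disabled [FILE]
# Reads sshd_config-style text from FILE (or stdin when no argument is given).
# Returns 0 when the first non-comment UsePrivilegeSeparation directive is
# "no"; returns 1 when it is any other value or absent (absent means the
# default, which is enabled).
privsep_disabled() {
    awk '
        # skip comments; keyword match is case-insensitive, as in sshd
        $1 !~ /^#/ && tolower($1) == "useprivilegeseparation" && !seen {
            seen = 1                 # sshd uses the first occurrence only
            val  = tolower($2)
        }
        END { exit !(seen && val == "no") }
    ' "$@"
}

# report FILE: human-readable wrapper around privsep_disabled
report() {
    if privsep_disabled "$1"; then
        echo "$1: privilege separation DISABLED (CVE-2016-10010 precondition present)"
    else
        echo "$1: privilege separation enabled (default or explicit)"
    fi
}

# Constructed sample configurations (not taken from any real host).
tmpdir=$(mktemp -d)
cat > "$tmpdir/default.conf" <<'EOF'
# default-style config: directive left commented out, so the default applies
Port 22
#UsePrivilegeSeparation sandbox
EOF
cat > "$tmpdir/weakened.conf" <<'EOF'
Port 22
UsePrivilegeSeparation no
EOF
cat > "$tmpdir/duplicate.conf" <<'EOF'
UsePrivilegeSeparation yes
UsePrivilegeSeparation no
EOF

for f in "$tmpdir"/*.conf; do
    report "$f"
done
rm -rf "$tmpdir"
```

On a running server the effective value, after defaults and includes are resolved, can be checked with `sshd -T | privsep_disabled`; inspecting `sshd -T` output rather than the file avoids missing a directive set somewhere other than /etc/ssh/sshd_config.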
