SB2015082610 - Permissions, Privileges, and Access Controls in openssh (Alpine package)
Published: August 26, 2015
Security Bulletin ID
SB2015082610
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2015-6565)
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=8a07923212fef85b959a7a5d33641b887bb28926
- https://git.alpinelinux.org/aports/commit/?id=9f54596949dd38f889aab1798292ffe1c3bc7ed3
- https://git.alpinelinux.org/aports/commit/?id=397b30fdd336abf6492edc4c261e51445808a133
- https://git.alpinelinux.org/aports/commit/?id=d17bb4a5103becdf779de640c3274345395bb8b9