Date: Wed, 11 Jan 2017 17:28:12 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r431193 - head/security/vuxml Message-ID: <201701111728.v0BHSCKo080942@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Wed Jan 11 17:28:12 2017 New Revision: 431193 URL: https://svnweb.freebsd.org/changeset/ports/431193 Log: Document FreeBSD-SA-17:01.openssh Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jan 11 16:14:25 2017 (r431192) +++ head/security/vuxml/vuln.xml Wed Jan 11 17:28:12 2017 (r431193) @@ -58,6 +58,51 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="2c948527-d823-11e6-9171-14dae9d210b8"> + <topic>FreeBSD -- OpenSSH multiple vulnerabilities</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>11.0</ge><lt>11.0_7</lt></range> + <range><ge>10.3</ge><lt>10.3_16</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <h1>Problem Description:</h1> + <p>The ssh-agent(1) agent supports loading a PKCS#11 module + from outside a trusted whitelist. An attacker can request + loading of a PKCS#11 module across forwarded agent-socket. + [CVE-2016-10009]</p> + <p>When privilege separation is disabled, forwarded Unix + domain sockets would be created by sshd(8) with the privileges + of 'root' instead of the authenticated user. [CVE-2016-10010]</p> + <h1>Impact:</h1> + <p>A remote attacker who have control of a forwarded + agent-socket on a remote system and have the ability to + write files on the system running ssh-agent(1) agent can + run arbitrary code under the same user credential. Because + the attacker must already have some control on both systems, + it is relatively hard to exploit this vulnerability in a + practical attack. [CVE-2016-10009]</p> + <p>When privilege separation is disabled (on FreeBSD, + privilege separation is enabled by default and has to be + explicitly disabled), an authenticated attacker can potentially + gain root privileges on systems running OpenSSH server. + [CVE-2016-10010]</p> + </body> + </description> + <references> + <cvename>CVE-2016-1000</cvename> + <cvename>CVE-2016-1001</cvename> + <freebsdsa>SA-17:01.openssh</freebsdsa> + </references> + <dates> + <discovery>2017-01-11</discovery> + <entry>2017-01-11</entry> + </dates> + </vuln> + <vuln vid="7caebe30-d7f1-11e6-a9a5-b499baebfeaf"> <topic>openssl -- timing attack vulnerability</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201701111728.v0BHSCKo080942>