Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 18 Mar 2021 19:30:13 +0000 (UTC)
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r568757 - head/security/vuxml
Message-ID:  <202103181930.12IJUDIk055695@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: bdrewery
Date: Thu Mar 18 19:30:12 2021
New Revision: 568757
URL: https://svnweb.freebsd.org/changeset/ports/568757

Log:
  Document OpenSSH CVE-2021-28041
  
  PR:	254258
  Submitted by:	Yasuhiro Kimura

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Mar 18 19:14:59 2021	(r568756)
+++ head/security/vuxml/vuln.xml	Thu Mar 18 19:30:12 2021	(r568757)
@@ -78,6 +78,50 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="76b5068c-8436-11eb-9469-080027f515ea">
+    <topic>OpenSSH -- Double-free memory corruption in ssh-agent</topic>
+    <affects>
+      <package>
+	<name>openssh-portable</name>
+	<range><ge>8.2p1,1</ge><lt>8.5p1,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>OpenBSD Project reports:</p>
+	<blockquote cite="https://www.openssh.com/txt/release-8.5">;
+	  <p>
+	    ssh-agent(1): fixed a double-free memory corruption that was
+	    introduced in OpenSSH 8.2 . We treat all such memory faults as
+	    potentially exploitable. This bug could be reached by an attacker
+	    with access to the agent socket.
+	  </p>
+	  <p>
+	    On modern operating systems where the OS can provide information
+	    about the user identity connected to a socket, OpenSSH ssh-agent
+	    and sshd limit agent socket access only to the originating user
+	    and root. Additional mitigation may be afforded by the system's
+	    malloc(3)/free(3) implementation, if it detects double-free
+	    conditions.
+	  </p>
+	  <p>
+	    The most likely scenario for exploitation is a user forwarding an
+	    agent either to an account shared with a malicious user or to a
+	    host with an attacker holding root access.
+	  </p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2021-28041</cvename>
+      <url>https://www.openssh.com/txt/release-8.5</url>;
+    </references>
+    <dates>
+      <discovery>2021-03-03</discovery>
+      <entry>2021-03-13</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="50e59056-87f2-11eb-b6a2-001b217b3468">
     <topic>Gitlab -- Multiple vulnerabilities</topic>
     <affects>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202103181930.12IJUDIk055695>