Vigil@nce - OpenSSH: three vulnerabilities
October 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can exploit several vulnerabilities in
OpenSSH.
Impacted products: BIG-IP Hardware, TMOS, Fedora, FreeBSD, Copssh,
OpenBSD, OpenSSH, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 12/08/2015.
Revision date: 03/09/2015.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in OpenSSH.
A local attacker can write a message (or ANSI sequences) to the
tty of other users, because the tty is world-writable. The TIOCSTI
ioctl can also be used to inject shell commands. [severity:2/4;
CVE-2015-6565]
On OpenSSH Portable, a local attacker can use PAM and compromise
the pre-authentication process, in order to impersonate other
users. [severity:2/4; BFS-SA-2015-002, CVE-2015-6563]
On OpenSSH Portable, an attacker can compromise the
pre-authentication process and force the use of a freed memory
area in PAM support, in order to trigger a denial of service, and
possibly to run code. [severity:2/4; BFS-SA-2015-002,
CVE-2015-6564]
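
For the first issue (CVE-2015-6565), an administrator can check whether any session tty on a host is writable by other users. The script below is an added example, not part of the bulletin or of OpenSSH; it assumes a Linux-style /dev/pts directory, the function names are hypothetical, and the modes in demo() are constructed sample values.

```python
import os
import stat
import tempfile


def audit_ttys(directory="/dev/pts", require_chardev=True):
    """Return [(path, octal_mode, owner_uid)] for ttys writable by 'other'."""
    findings = []
    for name in sorted(os.listdir(directory)):
        if name == "ptmx":
            continue  # pty multiplexer, not a user's session tty
        path = os.path.join(directory, name)
        try:
            st = os.lstat(path)
        except OSError:
            continue  # session closed between listdir() and lstat()
        if require_chardev and not stat.S_ISCHR(st.st_mode):
            continue  # only character devices are real ttys
        if st.st_mode & stat.S_IWOTH:
            mode = oct(stat.S_IMODE(st.st_mode))
            findings.append((path, mode, st.st_uid))
    return findings


def demo():
    """Run the audit over constructed stand-in files (not real devices)."""
    # Constructed sample: "1" carries the world-writable bit, the others do not.
    samples = (("0", 0o620), ("1", 0o622), ("2", 0o600), ("ptmx", 0o666))
    with tempfile.TemporaryDirectory() as d:
        for name, mode in samples:
            p = os.path.join(d, name)
            open(p, "w").close()
            os.chmod(p, mode)
        hits = audit_ttys(d, require_chardev=False)
        return [(os.path.basename(p), m) for p, m, _ in hits]


if __name__ == "__main__":
    results = audit_ttys()
    for path, mode, uid in results:
        print(f"{path} mode={mode} uid={uid}: writable by other users")
    if not results:
        print("no world-writable ttys found")
```

Any tty it reports can be written to by every local account, which is the condition the bulletin describes.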
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenSSH-three-vulnerabilities-17643