Permissions, Privileges, and Access Controls in OpenSSH - CVE-2015-6565
Published: August 24, 2015 / Updated: August 4, 2020
Vulnerability identifier: #VU33287
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2015-6565
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: OpenSSH
Affected software:
OpenSSH
OpenSSH
Detailed vulnerability description
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.
How to mitigate CVE-2015-6565
Install update from vendor's website.
Sources
- http://openwall.com/lists/oss-security/2017/01/26/2
- http://www.openssh.com/txt/release-7.0
- http://www.openwall.com/lists/oss-security/2015/08/22/1
- http://www.securityfocus.com/bid/76497
- http://www.securitytracker.com/id/1033917
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://security.gentoo.org/glsa/201512-04
- https://www.exploit-db.com/exploits/41173/