OpenSSH -- PAM vulnerabilities

2015-08-11T00:00:00
ID 2920C449-4850-11E5-825F-C80AA9043978
Type freebsd
Reporter FreeBSD
Modified 2016-08-09T00:00:00

Description

OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences. Reported by Nikolay Edigaryev.

Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate other users.

Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution.
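A defensive check for the world-writable TTY issue described above, as an added example that is not part of the advisory or of OpenSSH: it flags terminal devices whose mode has the other-write bit set. The /dev/pts location, the ptmx exclusion and the sample entries are assumptions constructed for illustration.

```python
import os
import stat

# Assumed location of pseudo-terminal devices; adjust for the audited host.
DEFAULT_TTY_DIRS = ("/dev/pts",)
# The pty multiplexer is not a user terminal, so it is skipped (assumption).
SKIP_NAMES = {"ptmx"}


def classify_tty_mode(mode):
    """Classify an st_mode value as 'not-a-tty', 'world-writable' or 'ok'."""
    if not stat.S_ISCHR(mode):
        return "not-a-tty"
    return "world-writable" if mode & stat.S_IWOTH else "ok"


def audit_entries(entries):
    """entries: iterable of (path, st_mode, st_uid); return flagged devices."""
    findings = []
    for path, mode, uid in entries:
        if os.path.basename(path) in SKIP_NAMES:
            continue
        if classify_tty_mode(mode) == "world-writable":
            findings.append((path, uid, stat.filemode(mode)))
    return findings


def collect(dirs=DEFAULT_TTY_DIRS):
    """Yield (path, st_mode, st_uid) for each entry, tolerating races."""
    for d in dirs:
        try:
            names = os.listdir(d)
        except OSError:
            continue  # directory absent on this platform
        for name in names:
            path = os.path.join(d, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # session closed between listdir and lstat
            yield path, st.st_mode, st.st_uid


# Constructed sample: 0620 is a typical terminal mode, 0622 adds other-write.
SAMPLE = [
    ("/dev/pts/0", stat.S_IFCHR | 0o620, 1001),
    ("/dev/pts/1", stat.S_IFCHR | 0o622, 1002),
    ("/dev/pts/ptmx", stat.S_IFCHR | 0o666, 0),
]

if __name__ == "__main__":
    for path, uid, perms in audit_entries(collect()):
        print(f"{path} uid={uid} {perms} is world-writable")
```

Run on a host, it prints one line per terminal that any local user can write to; `audit_entries(SAMPLE)` shows the same logic on the constructed entries.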