Gentoo FoundationGLSA-202105-35OpenSSH: Multiple vulnerabilities
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.4%
Background
OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support.
Description
Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker, able to access the socket of the forwarding agent, might be able to execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Furthermore, a remote attacker might conduct a man-in-the-middle attack targeting initial connection attempts where no host key for the server has been cached by client yet.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSH users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openssh-8.5_p1"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-misc/openssh | < 8.5_p1 | UNKNOWN |
Related
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.4%