7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.4%
sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY
devices, which allows local users to cause a denial of service (terminal
disruption) or possibly have unspecified other impact by writing to a
device, as demonstrated by writing an escape sequence.
Author | Note |
---|---|
mdeslaur | in wily, patch is called backport-fix-pty-permissions.patch |
www.openssh.com/txt/release-7.0
www.openwall.com/lists/oss-security/2015/08/12/1
www.openwall.com/lists/oss-security/2015/08/22/1
anongit.mindrot.org/openssh.git/commit/?id=6f941396b6835ad18018845f515b0c4fe20be21a
launchpad.net/bugs/cve/CVE-2015-6565
nvd.nist.gov/vuln/detail/CVE-2015-6565
security-tracker.debian.org/tracker/CVE-2015-6565
www.cve.org/CVERecord?id=CVE-2015-6565