CVE-2015-6565

Publication date 24 August 2015

Last updated 24 July 2024

Ubuntu priority

sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openssh	15.04 vivid	Not affected
	14.04 LTS trusty	Not affected
	12.04 LTS precise	Not affected

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

in wily, patch is called backport-fix-pty-permissions.patch

References

MITRE
NVD
Launchpad
Debian

Other references

https://anongit.mindrot.org/openssh.git/commit/?id=6f941396b6835ad18018845f515b0c4fe20be21a
http://www.openwall.com/lists/oss-security/2015/08/12/1
http://www.openwall.com/lists/oss-security/2015/08/22/1
http://www.openssh.com/txt/release-7.0
https://www.cve.org/CVERecord?id=CVE-2015-6565