CVE-2015-6565
Published: 24 August 2015
sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.
Notes
Author | Note |
---|---|
mdeslaur | in wily, patch is called backport-fix-pty-permissions.patch |
Priority
References
- https://anongit.mindrot.org/openssh.git/commit/?id=6f941396b6835ad18018845f515b0c4fe20be21a
- http://www.openwall.com/lists/oss-security/2015/08/12/1
- http://www.openwall.com/lists/oss-security/2015/08/22/1
- http://www.openssh.com/txt/release-7.0
- https://www.cve.org/CVERecord?id=CVE-2015-6565
- NVD
- Launchpad
- Debian