Wind River Support Network

HomeDefectsLIN9-2923
Fixed

LIN9-2923 : Security Advisory - openssh - CVE-2016-10009

Created: Jan 8, 2017    Updated: Dec 3, 2018
Resolved Date: Jan 18, 2017
Found In Version: 9.0.0.3
Fix Version: 9.0.0.3
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

https://bugzilla.redhat.com/show_bug.cgi?id=1406269


It was found that ssh-agent could load PKCS#11 modules from paths outside of a trusted whitelist. An attacker able to load a crafted PKCS#11 module across a forwarded agent channel could potentially use this flaw to execute arbitrary code on the system running the ssh-agent. Note that the attacker must have control of the forwarded agent-socket and the ability to write to the filesystem of the host running ssh-agent.

This issue was fixed by only allowing the loading of module from a trusted (and configurable) whitelist.

CVE assignment:

http://seclists.org/oss-sec/2016/q4/708

Upstream patch:

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-agent.c.diff?r1=1.214&r2=1.215&sortby=date&f=h

Other Downloads


CVEs


Live chat
Online