CVE-2015-6565

Severity

72%

Complexity

39%

Confidentiality

165%

sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.

sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

OpenBSD OpenSSH

First reported 9 years ago

2015-08-24 01:59:00

Last updated 7 years ago

2017-09-02 01:29:00

Affected Software

OpenBSD OpenSSH 6.8

6.8

OpenBSD OpenSSH 6.9

6.9

References

[oss-security] 20170126 Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux

http://www.openssh.com/txt/release-7.0

Vendor Advisory

[oss-security] 20150821 Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities

76497

1033917

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

GLSA-201512-04

41173

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.