FreeBSD Bugzilla – Attachment 223234 Details for Bug 254258: security/vuxml: Document double-free memory corruption in OpenSSH
Patch file: security_vuxml.patch (text/plain), 2.10 KB, created by Yasuhiro Kimura on 2021-03-13 20:36:20 UTC
>Index: security/vuxml/vuln.xml >=================================================================== >--- security/vuxml/vuln.xml (revision 568278) >+++ security/vuxml/vuln.xml (working copy) 
>@@ -78,6 +78,50 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="76b5068c-8436-11eb-9469-080027f515ea"> >+ <topic>OpenSSH -- Double-free memory corruption in ssh-agent</topic> >+ <affects> >+ <package> >+ <name>openssh-portable</name> >+ <range><ge>8.2p1,1</ge><lt>8.5p1,1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>OpenBSD Project reports:</p> >+ <blockquote cite="https://www.openssh.com/txt/release-8.5"> >+ <p> >+ ssh-agent(1): fixed a double-free memory corruption that was >+ introduced in OpenSSH 8.2 . We treat all such memory faults as >+ potentially exploitable. This bug could be reached by an attacker >+ with access to the agent socket. >+ </p> >+ <p> >+ On modern operating systems where the OS can provide information >+ about the user identity connected to a socket, OpenSSH ssh-agent >+ and sshd limit agent socket access only to the originating user >+ and root. Additional mitigation may be afforded by the system's >+ malloc(3)/free(3) implementation, if it detects double-free >+ conditions. >+ </p> >+ <p> >+ The most likely scenario for exploitation is a user forwarding an >+ agent either to an account shared with a malicious user or to a >+ host with an attacker holding root access. >+ </p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2021-28041</cvename> >+ <url>https://www.openssh.com/txt/release-8.5</url> >+ </references> >+ <dates> >+ <discovery>2021-03-03</discovery> >+ <entry>2021-03-13</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="72709326-81f7-11eb-950a-00155d646401"> > <topic>go -- encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader; archive/zip: panic when calling Reader.Open</topic> > <affects>
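Review bot: The <affects> block of the new entry names only openssh-portable, while the file header comment visible in the context just above it says "Do not forget port variants". If other packages are built from the same port sources with the same version scheme, add a <name> element for each of them inside this <package> block so they match the same <range>; if there are none, say so in the bug so the omission is recorded as deliberate. A smaller point in the first quoted paragraph: "introduced in OpenSSH 8.2 ." has a stray space before the period, which is worth removing so the blockquote matches the upstream release text at the cited URL.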