CVE-2015-6565

OpenSSH 6.8-6.9 - Denial of Service via TTY Device Permission Issue

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6565. PoCs published by Federico Bento.

AI-analyzed exploit summary This exploit leverages a race condition in OpenSSH 6.8-6.9 to gain local privilege escalation by manipulating PTY slave devices. It copies a SUID shell to /tmp/sh, allowing the attacker to escalate to root.

Description

sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.

Exploits (1)

exploitdb WORKING POC
by Federico Bento · clocallinux
https://www.exploit-db.com/exploits/41173

This exploit leverages a race condition in OpenSSH 6.8-6.9 to gain local privilege escalation by manipulating PTY slave devices. It copies a SUID shell to /tmp/sh, allowing the attacker to escalate to root.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Racy
Target: OpenSSH 6.8-6.9
No auth needed
Prerequisites: Local access to the target system · Ability to predict or control the next PTY slave device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/201512-04
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1033917
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/41173/
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/76497

Scores

EPSS 0.0034
EPSS Percentile 57.5%

Details

CWE
CWE-264
Status published
Products (2)
openbsd/openssh 6.8
openbsd/openssh 6.9
Published Aug 24, 2015
Tracked Since Feb 18, 2026