CVE-2015-6565

Openbsd Openssh - Access Control

Title source: rule

Description

sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.

Exploits (1)

exploitdb WORKING POC

by Federico Bento · clocallinux

https://www.exploit-db.com/exploits/41173

View Code ZIP pw:eip

References (11)

[Vendor Advisory] https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

[Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

[Vendor Advisory] http://www.openssh.com/txt/release-7.0

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/76497

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1033917

[Vendor Advisory] https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085

[Vendor Advisory] https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/41173/

[Third Party Advisory] https://security.gentoo.org/glsa/201512-04

[Mailing List] http://openwall.com/lists/oss-security/2017/01/26/2

[Mailing List] http://www.openwall.com/lists/oss-security/2015/08/22/1

Scores

EPSS 0.0034

EPSS Percentile 57.0%

Details

CWE

CWE-264

Status published

Products (2)

openbsd/openssh 6.8

openbsd/openssh 6.9

Published Aug 24, 2015

Tracked Since Feb 18, 2026