Bug 943007 (CVE-2015-6565) - VUL-0: CVE-2015-6565: sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices,which allows local user...
Summary: VUL-0: CVE-2015-6565: sshd in OpenSSH 6.8 and 6.9 uses world-writable permiss...
Status: RESOLVED UPSTREAM
Alias: CVE-2015-6565
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Petr Cerny
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/137387/
Whiteboard: CVSSv2:NVD:CVE-2015-6564:6.9:(AV:L/AC...
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-25 07:49 UTC by Sebastian Krahmer
Modified: 2019-03-21 23:58 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2015-08-25 07:49:30 UTC 
CVE-2015-6565

sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices,
which allows local users to cause a denial of service (terminal disruption) or
possibly have unspecified other impact by writing to a device, as demonstrated
by writing an escape sequence.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6565
http://www.cvedetails.com/cve/CVE-2015-6565/
Comment 1 Swamp Workflow Management 2015-08-25 22:00:27 UTC 
bugbot adjusting priority
Comment 2 Marcus Meissner 2015-09-03 05:32:48 UTC 
we do not ship 6.8 or 6.9 anywhere at this time, SLES nor openSUSE.

So we are not affected. Posted a note to the CVE pages.