Vulnerability Details : CVE-2015-6565
sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence.
Vulnerability category: Denial of service
Products affected by CVE-2015-6565
- cpe:2.3:a:openbsd:openssh:6.8:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:6.9:*:*:*:*:*:*:*
Threat overview for CVE-2015-6565
Top countries where our scanners detected CVE-2015-6565
Top open port discovered on systems with this issue
22
IPs affected by CVE-2015-6565 53,351
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2015-6565!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2015-6565
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-6565
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2015-6565
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6565
-
http://www.securitytracker.com/id/1033917
OpenSSH TTY Permissions Let Local Users Cause Denial of Service Conditions - SecurityTracker
-
http://openwall.com/lists/oss-security/2017/01/26/2
oss-security - Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux
-
http://www.openssh.com/txt/release-7.0
Vendor Advisory
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
HPSBMU03611 rev.2 - HPE Matrix Operating Environment on Windows and Linux, Multiple Remote Vulnerabilities
-
https://security.gentoo.org/glsa/201512-04
OpenSSH: Multiple vulnerabilities (GLSA 201512-04) — Gentoo security
-
http://www.securityfocus.com/bid/76497
OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
HPSBMU03590 rev.3 - HPE Systems Insight Manager (SIM), Multiple Remote Vulnerabilities
-
https://www.exploit-db.com/exploits/41173/
OpenSSH 6.8 < 6.9 - 'PTY' Local Privilege Escalation
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
HPSBMU03612 rev.2 - HPE Insight Control on Windows and Linux, Multiple Remote Vulnerabilities
-
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
-
http://www.openwall.com/lists/oss-security/2015/08/22/1
oss-security - Re: CVE request - OpenSSH 6.9 PAM privilege separation vulnerabilities
Jump to