A FreeBSD Security Advisory concerning an OpenSSH vulnerability has recently been issued. You can view the full description of the vulnerability and solution on the mailing list page. User Vivek Gite also provides a solution for the problem below.
I. Background OpenSSH is an implementation of the SSH protocol suite, providing an encrypted and authenticated transport for a variety of services, including remote shell access. OpenSSH supports accessing keys provided by a PKCS#11 token. II. Problem Description The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across forwarded agent-socket. [CVE-2016-10009] When privilege separation is disabled, forwarded Unix domain sockets would be created by sshd(8) with the privileges of 'root' instead of the authenticated user. [CVE-2016-10010]
Original announcement: https://lists.freebsd.org/pipermail/freebsd-security-notifications/2017-January/000305.html
OpenSSH is critical for both sysadmin and programmers. It is an implementation of the SSH protocol suite, from OpenBSD project. It provides an encrypted session to your server.
OpenSSH multiple vulnerabilities
OpenSSH has multiple vulnerabilities as of 11th January 2017 running on FreeBSD operating system. From the advisory:
The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across forwarded agent-socket. [CVE-2016-10009]
When privilege separation is disabled, forwarded Unix domain sockets would be created by sshd(8) with the privileges of ‘root’ instead of the authenticated user. [CVE-2016-10010]
Patch your FreeBSD server: https://www.nixcraft.com/patch-your-freebsd-server-for-openssh-vulnerabilities-11jan2017/168/
