Emergency fix for CVE-2015-5600 on FreeBSD

CVE-2015-5600 openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices

Until FreeBSD officially releases a Security Advisory, we can grab the patch from upstream OpenSSH and apply it.

cd /usr/src/crypto/openssh
wget -O 5600.patch 'http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43'
patch < 5600.patch
cd /usr/src/secure/usr.sbin/sshd
make obj && make depend && make && make install
service sshd restart

Tested on FreeBSD 10.1
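
Why the duplicates in KbdInteractiveDevices matter, as a simplified C model added here (it is not OpenSSH source and not the upstream patch). The device table, the sample list and count_rounds() are assumptions for illustration: each honoured entry in the client-supplied list means another round of prompts inside one authentication attempt, so a server that ignores repeats hands out at most one round per device.

```c
/* Added illustration: simplified model, not OpenSSH code. */
#include <stdio.h>
#include <string.h>

/* Hypothetical server-side device table (names are assumptions). */
static const char *known_devices[] = { "pam", "bsdauth", "skey" };
#define NDEV (sizeof(known_devices) / sizeof(known_devices[0]))

/*
 * Count how many device rounds a comma-separated, client-supplied
 * device list triggers within one authentication attempt.
 * dedupe == 0: every entry naming a known device is honoured.
 * dedupe != 0: each device is honoured once, tracked in a bitmask.
 */
static unsigned count_rounds(const char *client_list, int dedupe)
{
    unsigned rounds = 0, done = 0;
    const char *p = client_list;

    while (*p != '\0') {
        size_t len = strcspn(p, ",");   /* length of current entry */
        for (size_t i = 0; i < NDEV; i++) {
            if (strlen(known_devices[i]) != len ||
                strncmp(p, known_devices[i], len) != 0)
                continue;               /* not this device */
            if (dedupe && (done & (1u << i)))
                break;                  /* duplicate entry: ignore it */
            done |= 1u << i;
            rounds++;
            break;
        }
        p += len;
        if (*p == ',')
            p++;                        /* skip the separator */
    }
    return rounds;
}

int main(void)
{
    const char *list = "pam,pam,pam,bsdauth,pam"; /* constructed sample */
    printf("duplicates honoured: %u rounds\n", count_rounds(list, 0));
    printf("duplicates ignored:  %u rounds\n", count_rounds(list, 1));
    return 0;
}
```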
