Emergency fix for CVE-2015-5600 on FreeBSD

CVE-2015-5600 openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices

Until FreeBSD releases an official Security Advisory, we can grab the patch from upstream OpenSSH and apply it.

cd /usr/src/crypto/openssh
wget -O 5600.patch 'http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r1=1.42&r2=1.43'
patch < 5600.patch
cd /usr/src/secure/usr.sbin/sshd
make obj && make depend && make && make install
service sshd restart

Tested on FreeBSD 10.1
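
The check below is an added example, not part of the original post. It reads the effective server configuration printed by `sshd -T` and reports whether keyboard-interactive authentication, the method this CVE goes through, is offered, along with the configured MaxAuthTries. It does not tell you whether the binary is patched. The function name, the output format and the sample configurations are constructed for illustration, and it assumes `sshd -T` prints lowercased "keyword value" pairs, one per line.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `sshd -T` style output on stdin and prints one summary line:
#   kbdint-offered|kbdint-disabled maxauthtries=<n|unknown>
# Assumption: one lowercased "keyword value" pair per line.
kbdint_exposure() {
    awk '
        # Either keyword set to yes is treated as the method being offered.
        $1 == "challengeresponseauthentication" && $2 == "yes" { kbd = 1 }
        $1 == "kbdinteractiveauthentication"    && $2 == "yes" { kbd = 1 }
        $1 == "maxauthtries"                                   { tries = $2 }
        END {
            if (tries == "") tries = "unknown"
            state = kbd ? "kbdint-offered" : "kbdint-disabled"
            printf "%s maxauthtries=%s\n", state, tries
        }
    '
}

# Constructed sample: keyboard-interactive left enabled.
SAMPLE_DEFAULT='port 22
maxauthtries 6
passwordauthentication no
challengeresponseauthentication yes
usepam yes'

# Constructed sample: keyboard-interactive switched off.
SAMPLE_HARDENED='port 22
maxauthtries 6
passwordauthentication no
challengeresponseauthentication no
kbdinteractiveauthentication no
usepam yes'

printf '%s\n' "$SAMPLE_DEFAULT"  | kbdint_exposure
printf '%s\n' "$SAMPLE_HARDENED" | kbdint_exposure

# On a live host, as root:  sshd -T | kbdint_exposure
```

A host that reports `kbdint-disabled` does not offer the authentication method the MaxAuthTries bypass relies on; one that reports `kbdint-offered` depends on the patched sshd being the one that is actually running.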
