OpenSSH is critical for both sysadmin and programmers. It is an implementation of the SSH protocol suite, from OpenBSD project. It provides an encrypted session to your server.
OpenSSH multiple vulnerabilities
OpenSSH has multiple vulnerabilities as of 11th January 2017 running on FreeBSD operating system. From the advisory:
The ssh-agent(1) agent supports loading a PKCS#11 module from outside a trusted whitelist. An attacker can request loading of a PKCS#11 module across forwarded agent-socket. [CVE-2016-10009]
When privilege separation is disabled, forwarded Unix domain sockets would be created by sshd(8) with the privileges of ‘root’ instead of the authenticated user. [CVE-2016-10010]
Solution
I updated my vulnerable FreeBSD box via a binary patch:# freebsd-update fetch
# freebsd-update install
# service sshd restart
# ps aux | grep -i ssh-agent
If found any ssh-agent process, kill all running ssh-agent:# killall ssh-agent
Fig.01: Fixed FreeBSD-SA-17:01.openssh
For more info see FreeBSD security mailing list.