CVE-2015-6563

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 7.0

Description The issue allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR REQ PWNAM request. This is related to the monitor component in sshd accepting extraneous username data in MONITOR REQ PAM INIT CTX requests. A use-after-free vulnerability in the mm answer pam free ctx function in sshd might also allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR REQ PAM FREE CTX request. The vulnerability exists due to insufficient input validation.

Recommendations For OpenSSH versions prior to 7.0, update to version 7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the MONITOR REQ PAM INIT CTX and MONITOR REQ PWNAM requests to minimize the risk of exploitation. Additionally, ensure that the sshd uid is properly secured to prevent unauthorized access.