PT-2015-3449 · OpenSSH +5

Moritz Jodeit · Published 2015-08-14 · Updated 2024-07-08 · CVE-2015-6564

CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenSSH versions prior to 7.0

Description

The issue is related to a use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd. This vulnerability might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. The vulnerability is associated with errors in privilege management.

Recommendations

For OpenSSH versions prior to 7.0, update to version 7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the mm_answer_pam_free_ctx function in monitor.c to minimize the risk of exploitation. Additionally, ensure that the sshd uid is properly managed to prevent unauthorized access.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2016-1023
ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
BDU:2023-07109
CESA-2015_2088
CESA-2016_0741
CVE-2015-6564
DLA-1500-1
RHSA-2015:2088
RHSA-2015_2088
RHSA-2016:0741
RHSA-2016_0741
SUSE-SU-2015:1544-1
SUSE-SU-2015:1581-1
SUSE-SU-2015:1695-1
USN-2710-1

Affected Products

ALT Linux
CentOS
IBM AIX
OpenSSH
Red Hat
SUSE