Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2015-592
HistorySep 02, 2015 - 12:00 p.m.

Medium: openssh

2015-09-0212:00:00
alas.aws.amazon.com
19

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON

Issue Overview:

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. (CVE-2015-6563)

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. (CVE-2015-6564)

Affected Packages:

openssh

Issue Correction:
Run yum update openssh to update your system.

New Packages:

i686:  
    pam_ssh_agent_auth-0.9.3-5.8.45.amzn1.i686  
    openssh-debuginfo-6.2p2-8.45.amzn1.i686  
    openssh-server-6.2p2-8.45.amzn1.i686  
    openssh-ldap-6.2p2-8.45.amzn1.i686  
    openssh-6.2p2-8.45.amzn1.i686  
    openssh-keycat-6.2p2-8.45.amzn1.i686  
    openssh-clients-6.2p2-8.45.amzn1.i686  
  
src:  
    openssh-6.2p2-8.45.amzn1.src  
  
x86_64:  
    pam_ssh_agent_auth-0.9.3-5.8.45.amzn1.x86_64  
    openssh-keycat-6.2p2-8.45.amzn1.x86_64  
    openssh-server-6.2p2-8.45.amzn1.x86_64  
    openssh-debuginfo-6.2p2-8.45.amzn1.x86_64  
    openssh-6.2p2-8.45.amzn1.x86_64  
    openssh-clients-6.2p2-8.45.amzn1.x86_64  
    openssh-ldap-6.2p2-8.45.amzn1.x86_64

Additional References

Red Hat: CVE-2015-6563, CVE-2015-6564

Mitre: CVE-2015-6563, CVE-2015-6564

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686pam_ssh_agent_auth< 0.9.3-5.8.45.amzn1pam_ssh_agent_auth-0.9.3-5.8.45.amzn1.i686.rpm
Amazon Linux1i686openssh-debuginfo< 6.2p2-8.45.amzn1openssh-debuginfo-6.2p2-8.45.amzn1.i686.rpm
Amazon Linux1i686openssh-server< 6.2p2-8.45.amzn1openssh-server-6.2p2-8.45.amzn1.i686.rpm
Amazon Linux1i686openssh-ldap< 6.2p2-8.45.amzn1openssh-ldap-6.2p2-8.45.amzn1.i686.rpm
Amazon Linux1i686openssh< 6.2p2-8.45.amzn1openssh-6.2p2-8.45.amzn1.i686.rpm
Amazon Linux1i686openssh-keycat< 6.2p2-8.45.amzn1openssh-keycat-6.2p2-8.45.amzn1.i686.rpm
Amazon Linux1i686openssh-clients< 6.2p2-8.45.amzn1openssh-clients-6.2p2-8.45.amzn1.i686.rpm
Amazon Linux1x86_64pam_ssh_agent_auth< 0.9.3-5.8.45.amzn1pam_ssh_agent_auth-0.9.3-5.8.45.amzn1.x86_64.rpm
Amazon Linux1x86_64openssh-keycat< 6.2p2-8.45.amzn1openssh-keycat-6.2p2-8.45.amzn1.x86_64.rpm
Amazon Linux1x86_64openssh-server< 6.2p2-8.45.amzn1openssh-server-6.2p2-8.45.amzn1.x86_64.rpm
Rows per page:
1-10 of 141

Related

f5 2
ibm 13
nessus 26
openvas 14
aix 2
fedora 1
amazon 1
altlinux 2
redhat 2
freebsd 1
centos 2
oraclelinux 2
suse 1
veracode 2
debiancve 2
cve 2
gentoo 1
prion 2
ubuntucve 2
symantec 1
osv 1
debian 1
rosalinux 1
ics 1
securityvulns 2
f5
f5
K17263 : OpenSSH vulnerabilities CVE-2015-6563 and CVE-2015-6564
2015-09-17 00:00:00
SOL17263 - OpenSSH vulnerabilities CVE-2015-6563 and CVE-2015-6564
2015-09-16 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem model V840
2018-06-18 00:32:32
Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900
2023-02-18 01:45:50
Security Bulletin: Vulnerabilities in OpenSSH affect SAN Volume Controller and Storwize Family (CVE-2015-6563 CVE-2015-6564)
2023-03-29 01:48:02
nessus
nessus
F5 Networks BIG-IP : OpenSSH vulnerabilities (K17263)
2016-06-02 00:00:00
Amazon Linux AMI : openssh (ALAS-2015-592)
2015-09-03 00:00:00
AIX OpenSSH Advisory : openssh_advisory6.asc
2015-10-29 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-592)
2015-09-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-625)
2015-12-15 00:00:00
OpenSSH Multiple Vulnerabilities
2015-09-15 00:00:00
aix
aix
AIX OpenSSH Vulnerability
2015-10-21 09:17:40
AIX OpenSSH Vulnerability
2016-01-29 16:13:16
fedora
fedora
[SECURITY] Fedora 21 Update: openssh-6.6.1p1-16.fc21
2015-08-27 23:52:00
amazon
amazon
Medium: openssh
2015-12-14 10:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package openssh version 6.7p1-alt1.M70P.4
2016-11-08 00:00:00
Security fix for the ALT Linux 6 package openssh version 6.7p1-alt1.M60P.4
2016-11-08 00:00:00
redhat
redhat
(RHSA-2015:2088) Moderate: openssh security, bug fix, and enhancement update
2015-11-19 14:41:38
(RHSA-2016:0741) Moderate: openssh security, bug fix, and enhancement update
2016-05-10 06:42:16
freebsd
freebsd
OpenSSH -- PAM vulnerabilities
2015-08-11 00:00:00
centos
centos
openssh, pam_ssh_agent_auth security update
2015-11-30 19:46:33
openssh, pam_ssh_agent_auth security update
2016-05-16 10:19:28
oraclelinux
oraclelinux
openssh security, bug fix, and enhancement update
2015-11-23 00:00:00
openssh security, bug fix, and enhancement update
2016-05-12 00:00:00
suse
suse
Security update for openssh (important)
2015-09-21 09:10:02
veracode
veracode
Privilege Escalation
2019-05-02 05:29:33
Privilege Escalation
2019-05-02 05:29:33
debiancve
debiancve
CVE-2015-6563
2015-08-24 01:59:00
CVE-2015-6564
2015-08-24 01:59:00
cve
cve
CVE-2015-6564
2015-08-24 01:59:00
CVE-2015-6563
2015-08-24 01:59:00
gentoo
gentoo
OpenSSH: Multiple vulnerabilities
2015-12-20 00:00:00
prion
prion
Design/Logic Flaw
2015-08-24 01:59:00
Design/Logic Flaw
2015-08-24 01:59:00
ubuntucve
ubuntucve
CVE-2015-6564
2015-08-24 00:00:00
CVE-2015-6563
2015-08-24 00:00:00
symantec
symantec
SA104 : OpenSSH Vulnerabilities
2015-12-08 08:00:00
osv
osv
openssh - security update
2018-09-10 00:00:00
debian
debian
[SECURITY] [DLA 1500-1] openssh security update
2018-09-10 08:44:17
rosalinux
rosalinux
Advisory ROSA-SA-2021-1938
2021-07-02 17:38:20
ics
ics
Siemens SCALANCE X-200RNA Switch Devices
2022-12-19 12:00:00
securityvulns
securityvulns
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007
2015-10-25 00:00:00
Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities
2015-10-25 00:00:00

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON
Related for ALAS-2015-592
f52ibm13nessus26openvas14aix2fedora1amazon1altlinux2redhat2freebsd1centos2oraclelinux2suse1veracode2debiancve2cve2gentoo1prion2ubuntucve2symantec1osv1debian1rosalinux1ics1securityvulns2