6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.3%
Issue Overview:
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. (CVE-2015-6563)
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. (CVE-2015-6564)
Affected Packages:
openssh
Issue Correction:
Run yum update openssh to update your system.
New Packages:
i686:
pam_ssh_agent_auth-0.9.3-5.8.45.amzn1.i686
openssh-debuginfo-6.2p2-8.45.amzn1.i686
openssh-server-6.2p2-8.45.amzn1.i686
openssh-ldap-6.2p2-8.45.amzn1.i686
openssh-6.2p2-8.45.amzn1.i686
openssh-keycat-6.2p2-8.45.amzn1.i686
openssh-clients-6.2p2-8.45.amzn1.i686
src:
openssh-6.2p2-8.45.amzn1.src
x86_64:
pam_ssh_agent_auth-0.9.3-5.8.45.amzn1.x86_64
openssh-keycat-6.2p2-8.45.amzn1.x86_64
openssh-server-6.2p2-8.45.amzn1.x86_64
openssh-debuginfo-6.2p2-8.45.amzn1.x86_64
openssh-6.2p2-8.45.amzn1.x86_64
openssh-clients-6.2p2-8.45.amzn1.x86_64
openssh-ldap-6.2p2-8.45.amzn1.x86_64
Red Hat: CVE-2015-6563, CVE-2015-6564
Mitre: CVE-2015-6563, CVE-2015-6564
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | pam_ssh_agent_auth | < 0.9.3-5.8.45.amzn1 | pam_ssh_agent_auth-0.9.3-5.8.45.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | openssh-debuginfo | < 6.2p2-8.45.amzn1 | openssh-debuginfo-6.2p2-8.45.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | openssh-server | < 6.2p2-8.45.amzn1 | openssh-server-6.2p2-8.45.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | openssh-ldap | < 6.2p2-8.45.amzn1 | openssh-ldap-6.2p2-8.45.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | openssh | < 6.2p2-8.45.amzn1 | openssh-6.2p2-8.45.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | openssh-keycat | < 6.2p2-8.45.amzn1 | openssh-keycat-6.2p2-8.45.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | openssh-clients | < 6.2p2-8.45.amzn1 | openssh-clients-6.2p2-8.45.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | pam_ssh_agent_auth | < 0.9.3-5.8.45.amzn1 | pam_ssh_agent_auth-0.9.3-5.8.45.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | openssh-keycat | < 6.2p2-8.45.amzn1 | openssh-keycat-6.2p2-8.45.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | openssh-server | < 6.2p2-8.45.amzn1 | openssh-server-6.2p2-8.45.amzn1.x86_64.rpm |