logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2015-8325

Description

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.


Affected Software


CPE Name Name Version
debian:debian_linux debian debian linux 8.0
debian:debian_linux debian debian linux 7.0
openbsd:openssh openbsd openssh 7.2
canonical:ubuntu_linux canonical ubuntu linux 12.04
canonical:ubuntu_linux canonical ubuntu linux 15.10
canonical:ubuntu_linux canonical ubuntu linux 14.04
canonical:ubuntu_core canonical ubuntu core 15.04
canonical:ubuntu_touch canonical ubuntu touch 15.04

Related