5 matches found
SUSE CVE-2015-6564
Use-after-free vulnerability in the mmanswerpamfreectx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITORREQPAMFREECTX request...
ceph: Unauthorized global_id reuse in cephx
An authentication flaw was found in ceph. When the monitor handles CEPHXGETAUTHSESSIONKEY requests, it doesn't sanitize otherkeys, allowing key reuse. An attacker who can request a globalid can exploit the ability of any user to request a globalid previously associated with another user, as ceph...
UBUNTU-CVE-2015-6564
Use-after-free vulnerability in the mmanswerpamfreectx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITORREQPAMFREECTX request...
DEBIAN-CVE-2015-6563
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafte...
PT-2015-3448 · Openssh +5 · Openssh +5
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 7.0 Description: The issue allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR REQ PWNAM request. This is relat...