CVE-2015-6563

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafte...

UseLogin.txt

-- OpenSSH UseLogin bug proof of concept exploit -- by WaR / http://www.genhex.org -- Intro -- I was very curious in finding out how to exploit this problem. Although I don't think anyone uses this feature, I looked into the matter anyway. Here it goes. It was tested on the following platforms: -...