Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-6563
HistoryAug 24, 2015 - 12:00 a.m.

CVE-2015-6563

2015-08-2400:00:00
ubuntu.com
ubuntu.com
29

0.0004 Low

EPSS

Percentile

9.8%

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD
platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX
requests, which allows local users to conduct impersonation attacks by
leveraging any SSH login access in conjunction with control of the sshd uid
to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and
monitor_wrap.c.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchopenssh< 1:5.9p1-5ubuntu1.6UNKNOWN
ubuntu14.04noarchopenssh< 1:6.6p1-2ubuntu2.2UNKNOWN
ubuntu15.04noarchopenssh< 1:6.7p1-5ubuntu1.2UNKNOWN