CVE-2015-6564

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html

http://rhn.redhat.com/errata/RHSA-2016-0741.html

http://seclists.org/fulldisclosure/2015/Aug/54

http://www.openssh.com/txt/release-7.0

http://www.openwall.com/lists/oss-security/2015/08/22/1

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/76317

https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7

https://kc.mcafee.com/corporate/index?page=content&id=SB10136

https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html

https://security.gentoo.org/glsa/201512-04

https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764

Details

Source: MITRE

Published: 2015-08-24

Updated: 2019-03-26

Type: CWE-264

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* versions up to 6.9 (inclusive)

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
130514Juniper JSA10940NessusJunos Local Security Checks
high
106497pfSense < 2.2.5 Multiple Vulnerabilities (SA-15_08)NessusFirewalls
high
91540Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20160510)NessusScientific Linux Local Security Checks
critical
91432F5 Networks BIG-IP : OpenSSH vulnerabilities (K17263)NessusF5 Networks Local Security Checks
medium
91166CentOS 6 : openssh (CESA-2016:0741)NessusCentOS Local Security Checks
critical
91148Oracle Linux 6 : openssh (ELSA-2016-0741)NessusOracle Linux Local Security Checks
critical
91073RHEL 6 : openssh (RHSA-2016:0741)NessusRed Hat Local Security Checks
critical
9309OpenSSH < 7.0 Multiple VulnerabilitiesNessus Network MonitorSSH
high
87567Scientific Linux Security Update : openssh on SL7.x x86_64 (20151119)NessusScientific Linux Local Security Checks
high
87545GLSA-201512-04 : OpenSSH: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
87351Amazon Linux AMI : openssh (ALAS-2015-625)NessusAmazon Linux Local Security Checks
high
87128CentOS 7 : openssh (CESA-2015:2088)NessusCentOS Local Security Checks
high
87019Oracle Linux 7 : openssh (ELSA-2015-2088)NessusOracle Linux Local Security Checks
high
86967RHEL 7 : openssh (RHSA-2015:2088)NessusRed Hat Local Security Checks
high
86656AIX OpenSSH Advisory : openssh_advisory6.ascNessusAIX Local Security Checks
medium
86339SUSE SLED11 / SLES11 Security Update : openssh (SUSE-SU-2015:1695-1) (Logjam)NessusSuSE Local Security Checks
low
86057SUSE SLED11 / SLES11 Security Update : openssh (SUSE-SU-2015:1581-1) (Logjam)NessusSuSE Local Security Checks
low
85941SUSE SLED11 Security Update : openssh (SUSE-SU-2015:1547-2) (Logjam)NessusSuSE Local Security Checks
low
85929SUSE SLES11 Security Update : openssh (SUSE-SU-2015:1547-1) (Logjam)NessusSuSE Local Security Checks
low
85928SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2015:1544-1) (Logjam)NessusSuSE Local Security Checks
low
85750Amazon Linux AMI : openssh (ALAS-2015-592)NessusAmazon Linux Local Security Checks
medium
85668Fedora 21 : openssh-6.6.1p1-16.fc21 (2015-13469)NessusFedora Local Security Checks
high
85594FreeBSD : OpenSSH -- PAM vulnerabilities (2920c449-4850-11e5-825f-c80aa9043978)NessusFreeBSD Local Security Checks
high
85382OpenSSH < 7.0 Multiple VulnerabilitiesNessusMisc.
medium