AIX OpenSSH Advisory : openssh_advisory6.asc

Medium Nessus Plugin ID 86656

VPR Score: 5.9

Synopsis

The remote AIX host has a version of OpenSSH installed that is affected by multiple vulnerabilities.

Description

The remote AIX host has a version of OpenSSH installed that is affected by the following vulnerabilities:

- A flaw exists in the monitor component when handling extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests. A local attacker who has any SSH login access together with control of the sshd UID can exploit this issue to conduct an impersonation attack by sending a crafted MONITOR_REQ_PWNAM request. (CVE-2015-6563)

- A use-after-free error exists in function mm_answer_pam_free_ctx() in the file monitor.c when handling MONITOR_REQ_PAM_FREE_CTX requests. A local attacker can exploit this to gain elevated privileges, by leveraging control of the sshd UID to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. (CVE-2015-6564)

Solution

A fix is available and can be downloaded from the AIX website.

See Also

http://aix.software.ibm.com/aix/efixes/security/openssh_advisory6.asc

https://www-01.ibm.com/marketing/iwm/iwm/web/preLogin.do?source=aixbp

Plugin Details

Severity: Medium

ID: 86656

File Name: aix_openssh_advisory6.nasl

Version: 1.9

Type: local

Published: 2015/10/29

Updated: 2018/07/17

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 5.9

CVSS v2.0

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:ibm:aix:5.3, cpe:/o:ibm:aix:6.1, cpe:/o:ibm:aix:7.1, cpe:/a:openbsd:openssh

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Patch Publication Date: 2015/10/21

Vulnerability Publication Date: 2015/08/11

Reference Information

CVE: CVE-2015-6563, CVE-2015-6564

BID: 76317