New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
SynopsisThe remote AIX host has a version of OpenSSH installed that is affected by multiple vulnerabilities.
DescriptionThe remote AIX host has a version of OpenSSH installed that is affected by the following vulnerabilities :
- A flaw exists in the monitor component when handling extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests. A local attacker can exploit this issue to conduct an impersonation attack, by sending a crafted MONITOR_REQ_PWNAM request that leverages any SSH login access with control of the sshd UID. (CVE-2015-6563)
- A use-after-free error exists in function mm_answer_pam_free_ctx() in the file monitor.c when handling MONITOR_REQ_PAM_FREE_CTX requests. A local attacker can exploit this to gain elevated privileges, by leveraging control of the sshd UID to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
SolutionA fix is available and can be downloaded from the AIX website.