
CVE-2015-6564 – openssh: Use-after-free bug related to PAM support
https://notcve.org/view.php?id=CVE-2015-6564
24 Aug 2015 — Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html • CWE-264: Permissions, Privileges, and Access Controls CWE-416: Use After Free

CVE-2015-6565 – OpenSSH 6.8 < 6.9 - 'PTY' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-6565
24 Aug 2015 — sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence. • https://packetstorm.news/files/id/140757 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2015-6563 – openssh: Privilege separation weakness related to PAM support
https://notcve.org/view.php?id=CVE-2015-6563
24 Aug 2015 — The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html • CWE-20: Improper Input Validation CWE-266: Incorrect Privilege Assignment

CVE-2015-5600 – openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices
https://notcve.org/view.php?id=CVE-2015-5600
28 Jul 2015 — The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list. • http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c • CWE-264: Permissions, Privileges, and Access Controls CWE-304: Missing Critical Step in Authentication