Page 5 of 47 results (0.006 seconds)

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. La función do_setup_env en session.c en sshd en OpenSSH hasta la versión 7.2p2, cuando la funcionalidad UseLogin está activa y PAM está configurado para leer archivos .pam_environment en directorios home de usuario, permite a usuarios locales obtener privilegios desencadenando un entorno manipulado para el programa /bin/login, según lo demostrado por una variable de entorno LD_PRELOAD. It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. • http://rhn.redhat.com/errata/RHSA-2016-2588.html http://rhn.redhat.com/errata/RHSA-2017-0641.html http://www.debian.org/security/2016/dsa-3550 http://www.securityfocus.com/bid/86187 http://www.securitytracker.com/id/1036487 https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755 https://bugzilla.redhat.com/show_bug.cgi?id=1328012 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://people.canonical.com/~ubuntu-security/cve/2015&#x • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •

CVSS: 9.8EPSS: 0%CPEs: 25EXPL: 0

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. El cliente en OpenSSH en versiones anteriores a 7.2 no maneja correctamente falló en la generación de cookies para el reenvío X11 no confiable y confía en el servidor X11 local para las decisiones de control de acceso, lo que permite a los clientes remotos X11 activar un fallback y obtener privilegios de reenvío X11 confiables aprovechando los problemas de configuración de este servidor X11, como lo demuestra la falta de la extensión SECURITY en este servidor X11. An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. • http://openwall.com/lists/oss-security/2016/01/15/13 http://rhn.redhat.com/errata/RHSA-2016-0465.html http://rhn.redhat.com/errata/RHSA-2016-0741.html http://www.openssh.com/txt/release-7.2 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securityfocus.com/bid/84427 http://www.securitytracker.com/id/1034705 https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c https://bugzilla.redhat.com/show_bug.cgi • CWE-284: Improper Access Control CWE-287: Improper Authentication •

CVSS: 6.4EPSS: 1%CPEs: 2EXPL: 1

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. Múltiples vulnerabilidades de inyección CRLF en session.c en sshd en OpenSSH en versiones anteriores a 7.2p2 permite a usuarios remotos autenticados eludir las restricciones de comandos de shell previstas a través del redireccionamiento de datos X11 manipulados, relacionadas con las funciones (1) do_authenticated1 y (2) session_x11_req. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. OpenSSH versions 7.2p1 and below suffer from a command injection and /bin/false bypass vulnerability via xauth. • https://www.exploit-db.com/exploits/39569 http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html http://lists.fedoraproject.org/pipermail& • CWE-20: Improper Input Validation •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request. Vulnerabilidad de uso después de la liberación de la memoria en la función mm_answer_pam_free_ctx en monitor.c en sshd en OpenSSH en versiones anteriores a 7.0 en plataformas no OpenBSD, podría permitir a usuarios locales obtener privilegios mediante el aprovechamiento del control del sshd uid para enviar una petición MONITOR_REQ_PAM_FREE_CTX inesperadamente temprana. A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html http://rhn.redhat.com/errata/RHSA-2016-0741.html http://seclists.org/fulldisclosure/2015/Aug/54 http://www.openssh.com/txt/release-7.0 http://www.openwall.com/lists/oss-security/2015/08/22/1 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr20 • CWE-264: Permissions, Privileges, and Access Controls CWE-416: Use After Free •

CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. Vulnerabilidad en el componente monitor en sshd en OpenSSH en versiones anteriores a 7.0 en plataformas no OpenBSD, acepta datos de nombre de usuario extraños en las solicitudes MONITOR_REQ_PAM_INIT_CTX, lo que permite a usuarios locales llevar a cabo ataques de suplantación aprovechando cualquier acceso de inicio de sesión SSH junto con el control del sshd uid para enviar una petición MONITOR_REQ_PWNAM manipulada, relacionado con monitor.c y monitor_wrap.c. A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html http://rhn.redhat.com/errata/RHSA-2016-0741.html http://seclists.org/fulldisclosure/2015/Aug/54 http://www.openssh.com/txt/release-7.0 http://www.openwall.com/lists/oss-security/2015/08/22/1 http://www.oracle.com/technetwork/topics/security/bulletinjan2016- • CWE-20: Improper Input Validation CWE-266: Incorrect Privilege Assignment •