CVE-2015-6563
openssh: Privilege separation weakness related to PAM support
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
Vulnerabilidad en el componente monitor en sshd en OpenSSH en versiones anteriores a 7.0 en plataformas no OpenBSD, acepta datos de nombre de usuario extraños en las solicitudes MONITOR_REQ_PAM_INIT_CTX, lo que permite a usuarios locales llevar a cabo ataques de suplantación aprovechando cualquier acceso de inicio de sesión SSH junto con el control del sshd uid para enviar una petición MONITOR_REQ_PWNAM manipulada, relacionado con monitor.c y monitor_wrap.c.
A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-08-21 CVE Reserved
- 2015-08-24 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-266: Incorrect Privilege Assignment
CAPEC
References (20)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openbsd Search vendor "Openbsd" | Openssh Search vendor "Openbsd" for product "Openssh" | <= 6.9 Search vendor "Openbsd" for product "Openssh" and version " <= 6.9" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | <= 10.11.0 Search vendor "Apple" for product "Mac Os X" and version " <= 10.11.0" | - |
Affected
|