OpenSSH up to 6.x on Non-OpenBSD sshd monitor.c MONITOR_REQ_PAM_INIT_CTX Request privilege escalation : 8/24/2015 3:38:17 AM
This eBook shows you how to build great push messages that convert for your app. From our sponsors |
| Vulnerability Advisories |
| Vulnerabilities of scip VulDB |
OpenSSH up to 6.x on Non-OpenBSD sshd monitor.c MONITOR_REQ_PAM_INIT_CTX Request privilege escalation
8/23/2015 7:00:00 PM
General
scipID: 77396
Affected: OpenSSH up to 6.x
Published: 08/24/2015
Risk: problematic
Created: 08/24/2015
Entry: 67.9% complete
Summary
A vulnerability was found in OpenSSH up to 6.x on Non-OpenBSD and classified as problematic. Affected by this issue is an unknown function of the file monitor.c of the component sshd. The manipulation as part of a _MONITOR_REQ_PAM_INIT_CTX Request_ leads to a privilege escalation vulnerability. Impacted is confidentiality, integrity, and availability.
The weakness was released 08/24/2015. This vulnerability is handled as CVE-2015-6563. The attack needs to be approached locally. There are known technical details, but no exploit is available.
Upgrading to version 7.0 eliminates this vulnerability.CVSS
Base Score: 4.1 (CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P) [?]
Temp Score: 3.6 (CVSS2#E:ND/RL:OF/RC:ND) [?]
CPE
Exploiting
Class: Privilege escalation
Local: Yes
Remote: No
Availability: No
Countermeasures
Recommended: Upgrade
Status: Official fix
0-Day Time: 0 days since found
Upgrade: OpenSSH 7.0
Timeline
08/24/2015 | Advisory disclosed
08/24/2015 | VulDB entry created
08/24/2015 | VulDB entry updated
Sources
CVE: CVE-2015-6563 (mitre.org) (nvd.nist.org) (cvedetails.com)
You are receiving this email because you subscribed to this feed at feedmyinbox.com
If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions