OpenSSH up to 6.x on Non-OpenBSD monitor.c mm_answer_pam_free_ctx MONITOR_REQ_PAM_FREE_CTX Request privilege escalation : 8/24/2015 3:38:17 AM
This set of templates helps you define your app feature roadmap, now and over time. From our sponsors |
| Vulnerability Advisories |
| Vulnerabilities of scip VulDB |
OpenSSH up to 6.x on Non-OpenBSD monitor.c mm_answer_pam_free_ctx MONITOR_REQ_PAM_FREE_CTX Request privilege escalation
8/23/2015 7:00:00 PM
General
scipID: 77397
Affected: OpenSSH up to 6.x
Published: 08/24/2015
Risk: problematic
Created: 08/24/2015
Entry: 68.4% complete
Summary
A vulnerability was found in OpenSSH up to 6.x on Non-OpenBSD. It has been classified as problematic. This affects the function mm_answer_pam_free_ctx of the file monitor.c. The manipulation as part of a _MONITOR_REQ_PAM_FREE_CTX Request_ leads to a privilege escalation vulnerability (use-after-free). This is going to have an impact on confidentiality, integrity, and availability.
The weakness was disclosed 08/24/2015. This vulnerability is uniquely identified as CVE-2015-6564. An attack has to be approached locally. Technical details are known, but no exploit is available.
Upgrading to version 7.0 eliminates this vulnerability.CVSS
Base Score: 4.1 (CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P) [?]
Temp Score: 3.6 (CVSS2#E:ND/RL:OF/RC:ND) [?]
CPE
Exploiting
Class: Privilege escalation
Local: Yes
Remote: No
Availability: No
Countermeasures
Recommended: Upgrade
Status: Official fix
0-Day Time: 0 days since found
Upgrade: OpenSSH 7.0
Timeline
08/24/2015 | Advisory disclosed
08/24/2015 | VulDB entry created
08/24/2015 | VulDB entry updated
Sources
CVE: CVE-2015-6564 (mitre.org) (nvd.nist.org) (cvedetails.com)
You are receiving this email because you subscribed to this feed at feedmyinbox.com
If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions