OpenSSH up to 6.x on Non-OpenBSD monitor.c mm_answer_pam_free_ctx MONITOR_REQ_PAM_FREE_CTX Request privilege escalation : 8/24/2015 3:38:17 AM

This set of templates helps you define your app feature roadmap, now and over time.
From our sponsors
 

 

Vulnerability Advisories
Vulnerabilities of scip VulDB

OpenSSH up to 6.x on Non-OpenBSD monitor.c mm_answer_pam_free_ctx MONITOR_REQ_PAM_FREE_CTX Request privilege escalation
8/23/2015 7:00:00 PM

General

scipID: 77397
Affected: OpenSSH up to 6.x
Published: 08/24/2015
Risk: problematic

Created: 08/24/2015
Entry: 68.4% complete

Summary

A vulnerability was found in OpenSSH up to 6.x on Non-OpenBSD. It has been classified as problematic. This affects the function mm_answer_pam_free_ctx of the file monitor.c. The manipulation as part of a _MONITOR_REQ_PAM_FREE_CTX Request_ leads to a privilege escalation vulnerability (use-after-free). This is going to have an impact on confidentiality, integrity, and availability.

The weakness was disclosed 08/24/2015. This vulnerability is uniquely identified as CVE-2015-6564. An attack has to be approached locally. Technical details are known, but no exploit is available.

Upgrading to version 7.0 eliminates this vulnerability.

CVSS

Base Score: 4.1 (CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P) [?]
Temp Score: 3.6 (CVSS2#E:ND/RL:OF/RC:ND) [?]

CPE

Exploiting

Class: Privilege escalation
Local: Yes
Remote: No

Availability: No

Countermeasures

Recommended: Upgrade
Status: Official fix
0-Day Time: 0 days since found

Upgrade: OpenSSH 7.0

Timeline

08/24/2015 | Advisory disclosed
08/24/2015 | VulDB entry created
08/24/2015 | VulDB entry updated

Sources

CVE: CVE-2015-6564 (mitre.org) (nvd.nist.org) (cvedetails.com)

 

You are receiving this email because you subscribed to this feed at feedmyinbox.com

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions

Diberdayakan oleh Blogger.