ALPINE-CVE-2015-8325
- Source
- https://security.alpinelinux.org/vuln/CVE-2015-8325
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2015-8325.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALPINE-CVE-2015-8325
- Upstream
- Published
- 2016-05-01T01:59:00.143Z
- Modified
- 2025-11-19T05:58:24.354596Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LDPRELOAD environment variable.
- References
Affected packages
Alpine:v3.2 / openssh
Package
- Name
- openssh
- Purl
- pkg:apk/alpine/openssh?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.8_p1-r10
Affected versions
5.*
5.1p1-r0
5.1_p1-r1
5.1_p1-r2
5.2_p1-r0
5.2_p1-r1
5.2_p1-r2
5.2_p1-r3
5.3_p1-r3
5.4_p1-r0
5.4_p1-r1
5.4_p1-r2
5.4_p1-r3
5.5_p1-r0
5.6_p1-r0
5.6_p1-r1
5.8_p1-r0
5.8_p1-r1
5.8_p1-r2
5.8_p2-r0
5.8_p2-r1
5.8_p2-r2
5.9_p1-r0
5.9_p1-r1
5.9_p1-r2
6.*
6.0_p1-r0
6.1_p1-r0
6.1_p1-r1
6.1_p1-r2
6.2_p1-r0
6.2_p2-r0
6.2_p2-r1
6.2_p2-r2
6.3_p1-r0
6.3_p1-r1
6.3_p1-r2
6.4_p1-r0
6.4_p1-r1
6.6_p1-r0
6.6_p1-r1
6.6_p1-r2
6.6_p1-r3
6.6_p1-r4
6.6_p1-r5
6.6_p1-r6
6.7_p1-r0
6.8_p1-r0
6.8_p1-r1
6.8_p1-r2
6.8_p1-r3
6.8_p1-r4
6.8_p1-r5
6.8_p1-r6
6.8_p1-r7
6.8_p1-r8
6.8_p1-r9