CVE-2015-6563

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2015-6563

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-6563.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2015-6563

Related

Published

2015-08-24T01:59:00Z

Modified

2024-09-18T01:00:22Z

Summary

[none]

Details

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITORREQPWNAM request, related to monitor.c and monitor_wrap.c.

References

Affected packages

Debian:11 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:6.9p1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:6.9p1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:6.9p1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}