CVE-2015-8325

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2015-8325

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-8325.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2015-8325

Related

Published

2016-05-01T01:59:00Z

Modified

2024-09-18T02:14:58.811629Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LDPRELOAD environment variable.

References

Affected packages

Alpine:v3.2 / openssh

Package

Name: openssh
Purl: pkg:apk/alpine/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.8_p1-r10

Affected versions

5.*

5.1p1-r0

5.1_p1-r1

5.1_p1-r2

5.2_p1-r0

5.2_p1-r1

5.2_p1-r2

5.2_p1-r3

5.3_p1-r3

5.4_p1-r0

5.4_p1-r1

5.4_p1-r2

5.4_p1-r3

5.5_p1-r0

5.6_p1-r0

5.6_p1-r1

5.8_p1-r0

5.8_p1-r1

5.8_p1-r2

5.8_p2-r0

5.8_p2-r1

5.8_p2-r2

5.9_p1-r0

5.9_p1-r1

5.9_p1-r2

6.*

6.0_p1-r0

6.1_p1-r0

6.1_p1-r1

6.1_p1-r2

6.2_p1-r0

6.2_p2-r0

6.2_p2-r1

6.2_p2-r2

6.3_p1-r0

6.3_p1-r1

6.3_p1-r2

6.4_p1-r0

6.4_p1-r1

6.6_p1-r0

6.6_p1-r1

6.6_p1-r2

6.6_p1-r3

6.6_p1-r4

6.6_p1-r5

6.6_p1-r6

6.7_p1-r0

6.8_p1-r0

6.8_p1-r1

6.8_p1-r2

6.8_p1-r3

6.8_p1-r4

6.8_p1-r5

6.8_p1-r6

6.8_p1-r7

6.8_p1-r8

6.8_p1-r9

Debian:11 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.2p2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.2p2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openssh

Package

Name: openssh
Purl: pkg:deb/debian/openssh?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:7.2p2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}