UBUNTU-CVE-2015-8325

Source
https://ubuntu.com/security/CVE-2015-8325
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-8325.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-8325
Related
Published
2016-04-30T00:00:00Z
Modified
2016-04-30T00:00:00Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LDPRELOAD environment variable.

References

Affected packages

Ubuntu:14.04:LTS / openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:6.6p1-2ubuntu2.7

Affected versions

1:6.*

1:6.2p2-6
1:6.2p2-6ubuntu1
1:6.4p1-1
1:6.4p1-2
1:6.5p1-1
1:6.5p1-2
1:6.5p1-3
1:6.5p1-4
1:6.5p1-6
1:6.6p1-1
1:6.6p1-2
1:6.6p1-2ubuntu1
1:6.6p1-2ubuntu2
1:6.6p1-2ubuntu2.2
1:6.6p1-2ubuntu2.3
1:6.6p1-2ubuntu2.4
1:6.6p1-2ubuntu2.6

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1:6.6p1-2ubuntu2.7",
            "binary_name": "openssh-client"
        },
        {
            "binary_version": "1:6.6p1-2ubuntu2.7",
            "binary_name": "openssh-client-dbgsym"
        },
        {
            "binary_version": "1:6.6p1-2ubuntu2.7",
            "binary_name": "openssh-client-udeb"
        },
        {
            "binary_version": "1:6.6p1-2ubuntu2.7",
            "binary_name": "openssh-client-udeb-dbgsym"
        },
        {
            "binary_version": "1:6.6p1-2ubuntu2.7",
            "binary_name": "openssh-server"
        },
        {
            "binary_version": "1:6.6p1-2ubuntu2.7",
            "binary_name": "openssh-server-dbgsym"
        },
        {
            "binary_version": "1:6.6p1-2ubuntu2.7",
            "binary_name": "openssh-server-udeb"
        },
        {
            "binary_version": "1:6.6p1-2ubuntu2.7",
            "binary_name": "openssh-server-udeb-dbgsym"
        },
        {
            "binary_version": "1:6.6p1-2ubuntu2.7",
            "binary_name": "openssh-sftp-server"
        },
        {
            "binary_version": "1:6.6p1-2ubuntu2.7",
            "binary_name": "openssh-sftp-server-dbgsym"
        },
        {
            "binary_version": "1:6.6p1-2ubuntu2.7",
            "binary_name": "ssh"
        },
        {
            "binary_version": "1:6.6p1-2ubuntu2.7",
            "binary_name": "ssh-askpass-gnome"
        },
        {
            "binary_version": "1:6.6p1-2ubuntu2.7",
            "binary_name": "ssh-askpass-gnome-dbgsym"
        },
        {
            "binary_version": "1:6.6p1-2ubuntu2.7",
            "binary_name": "ssh-krb5"
        }
    ]
}

Ubuntu:16.04:LTS / openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:7.2p2-3

Affected versions

1:6.*

1:6.9p1-2
1:6.9p1-3

1:7.*

1:7.1p1-1
1:7.1p1-3
1:7.1p1-4
1:7.1p1-6
1:7.1p2-1
1:7.1p2-2
1:7.2p1-1
1:7.2p2-1
1:7.2p2-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "openssh-client"
        },
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "openssh-client-dbgsym"
        },
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "openssh-client-ssh1"
        },
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "openssh-client-ssh1-dbgsym"
        },
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "openssh-client-udeb"
        },
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "openssh-client-udeb-dbgsym"
        },
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "openssh-server"
        },
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "openssh-server-dbgsym"
        },
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "openssh-server-udeb"
        },
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "openssh-server-udeb-dbgsym"
        },
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "openssh-sftp-server"
        },
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "openssh-sftp-server-dbgsym"
        },
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "ssh"
        },
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "ssh-askpass-gnome"
        },
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "ssh-askpass-gnome-dbgsym"
        },
        {
            "binary_version": "1:7.2p2-3",
            "binary_name": "ssh-krb5"
        }
    ]
}