Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-6564

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

See the

CVE page on Mitre.org for more details.

References

FULLDISC: 20150813 BFS-SA-2015-0...
MLIST: [oss-security] 2015082...
CONFIRM: http://www.openssh.com...
CONFIRM: https://github.com/ope...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 76317
GENTOO: GLSA-201512-04
FEDORA: FEDORA-2015-13469
SUSE: SUSE-SU-2015:1581
CONFIRM: https://kc.mcafee.com/...
REDHAT: RHSA-2016:0741
MLIST: [debian-lts-announce] ...
CONFIRM: https://www.broadcom.c...
CONFIRM: https://cert-portal.si...

Launchpad.net

CVE 2015-6564

Related bugs

References