Vulnerability DatabaseCVE-2015-6563
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2015-6563
August 24, 2015
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
Related ResourcesĀ (19)
http://www.openwall.com/lists/oss-security/2015/08/22/1
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
http://www.openssh.com/txt/release-7.0
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
https://security.netapp.com/advisory/ntap-20180201-0002/
http://seclists.org/fulldisclosure/2015/Aug/54
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-766
https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
http://www.securityfocus.com/bid/76317
http://rhn.redhat.com/errata/RHSA-2016-0741.html
https://access.redhat.com/security/cve/CVE-2015-6563
http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
https://support.apple.com/HT205375
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://security.gentoo.org/glsa/201512-04
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.1
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
2.9
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
CVSS v2
Base Score:
1.9
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
Weakness Type (CWE)
Improper Input Validation
CWE-20
EPSS
Base Score:
0.10