CVE-2015-6564

Published: 24 August 2015

Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.

Priority

Medium

Status

Package Release Status
openssh
Launchpad, Ubuntu, Debian
Upstream
Released (1:6.9p1-1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1:6.6p1-2ubuntu2.2)